lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 5 Mar 2014 13:54:09 -0700
From:	Bjorn Helgaas <bhelgaas@...gle.com>
To:	David Laight <David.Laight@...lab.com>
Cc:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Florian Fainelli <f.fainelli@...il.com>
Subject: Re: [PATCH] phy: fix compiler array bounds warning on settings[]

[+cc Florian]

On Wed, Mar 5, 2014 at 2:10 AM, David Laight <David.Laight@...lab.com> wrote:
> From: Bjorn Helgaas
>> With -Werror=array-bounds, gcc v4.7.x warns that in phy_find_valid(), the
>> settings[] "array subscript is above array bounds", I think because idx is
>> a signed integer and if the caller supplied idx < 0, we pass the guard but
>> still reference out of bounds.
>
> Not rejecting the patch but...
>
> Just indexing an array with 'int' shouldn't cause this warning,
> so somewhere a caller must actually be passing an idx < 0.
>
> While changing the type to unsigned will make the comparison
> against the array bound reject the -1, I suspect that the
> specific call path didn't really intend passing a hard-coded -1.
>
> It might be worth trying to locate the call site that passes -1.

I'm stumped.  phy_find_valid() is static and only called from one
place.  The 'idx' argument is always the result of phy_find_setting(),
which should always return something between 0 and
ARRAY_SIZE(settings), so I don't see any way idx can be < 0.

I stripped this down as far as I could; the resulting test code is at
http://pastebin.com/pp1zMEWu if anybody else wants to look at it.  I'm
using gcc 4.8.x 20131105 (prerelease), with "-Warray-bounds -O2"
flags.

I hesitate to suspect a compiler bug, but it is very strange.  For
example, in my test code, replacing "MAX_NUM_SETTINGS" with "2" gets
rid of the warnings.  MAX_NUM_SETTINGS is known to be 2 at
compile-time, so I don't know why this should make a difference.

Bjorn
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists