| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <063D6719AE5E284EB5DD2968C1650D6D5F4C4597@AcuExch.aculab.com> Date: Mon, 23 May 2016 15:58:43 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Andrey Ryabinin' <ryabinin.a.a@...il.com>, Oliver Neukum <oneukum@...e.com> CC: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Alan Stern <stern@...land.harvard.edu>, LKML <linux-kernel@...r.kernel.org>, "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>, Valdis Kletnieks <Valdis.Kletnieks@...edu> Subject: RE: UBSAN whinge in ihci-hub.c From: Andrey Ryabinin > Sent: 18 May 2016 13:21 ... > >> $ 6.5.6.8 > >> "If both the pointer operand and the result point to elements of > >> the same array object, > >> or one past the last element of the array object, the evaluation > >> shall not produce an overflow; > >> otherwise, the behavior is undefined." > > > > But we do not care whether the calculation overflows. We don't use it > > at all in those cases. > > > > This doesn't make it defined. Also that pointer is unused only if gcc > doesn't optimize away '!wIndex' check. > If it does, we may actually use it. The compiler is allowed to generate the pointer and load it into a 'pointer register'. On a hardware that has fat pointers and where the hardware validates the bounds (&foo - 1) can fault. The most recent hardware that does that is probably a vax. Although I believe amd64 will fault if you load a suitable invalid value (not a valid pointer) into the fs/gs offset registers. David
Powered by blists - more mailing lists