| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4078476.C7oJjrxxdA@wuerfel> Date: Thu, 23 Jun 2016 11:06:11 +0200 From: Arnd Bergmann <arnd@...db.de> To: Ville Syrjälä <syrjala@....fi> Cc: Tomi Valkeinen <tomi.valkeinen@...com>, Jean-Christophe Plagniol-Villard <plagnioj@...osoft.com>, Ingo Molnar <mingo@...nel.org>, "Luis R. Rodriguez" <mcgrof@...e.com>, Borislav Petkov <bp@...e.de>, linux-fbdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] fbdev: atyfb: fix array overflow On Thursday, June 23, 2016 3:28:25 AM CEST Ville Syrjälä wrote: > On Wed, Jun 22, 2016 at 02:37:11PM +0200, Arnd Bergmann wrote: > > When building with CONFIG_UBSAN_SANITIZE_ALL on ARM, I get this > > gcc warning for atyfb: > > > > drivers/video/fbdev/aty/atyfb_base.c: In function 'aty_bl_update_status': > > drivers/video/fbdev/aty/atyfb_base.c:167:33: warning: array subscript is above array bounds [-Warray-bounds] > > drivers/video/fbdev/aty/atyfb_base.c:152:26: warning: array subscript is above array bounds [-Warray-bounds] > > > > Apparently the warning is correct and there is indeed an overflow, > > Nope. All the LCD register indexes on the Rage LT (the only relevant > chip for this code path) should stay below the table size. At least > I can't see any place where we'd walk past the end. I don't understand what you mean: the warning is about LCD_MISC_CNTL, which is defined as 0x14, while the array size is 9 and that is smaller. Is there something more subtle going on than what gcc sees? Arnd
Powered by blists - more mailing lists