| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Apr 2014 08:59:57 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Bjorn Helgaas' <bhelgaas@...gle.com>, "David S. Miller" <davem@...emloft.net> CC: Florian Fainelli <f.fainelli@...il.com>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, James Morris <jmorris@...ei.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Alexey Kuznetsov <kuznet@....inr.ac.ru>, Patrick McHardy <kaber@...sh.net> Subject: RE: [PATCH] tcp: fix compiler array bounds warning on selective_acks[] Bjorn Helgaas > With -Werror=array-bounds, gcc v4.8.x warns that in tcp_sack_remove(), a > selective_acks[] "array subscript is above array bounds". > > I don't understand how gcc figures this out, or why we don't see similar > problems many other places, but this is the only fix I can figure out. ... > diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c > index 65cf90e063d5..65133b108236 100644 > --- a/net/ipv4/tcp_input.c > +++ b/net/ipv4/tcp_input.c > @@ -4047,7 +4047,8 @@ static void tcp_sack_remove(struct tcp_sock *tp) > > /* Zap this SACK, by moving forward any other SACKS. */ > for (i = this_sack+1; i < num_sacks; i++) > - tp->selective_acks[i-1] = tp->selective_acks[i]; > + if (i < ARRAY_SIZE(tp->selective_acks)) > + tp->selective_acks[i-1] = tp->selective_acks[i]; > num_sacks--; > continue; > } You really shouldn't add that test every time around the loop. Try changing the loop so the assignment is: tp->selective_acks[i] = tp->selective_acks[i + 1]; or the loop test to: i <= num_sacks - 1; Or beat up the gcc developers :-) David
Powered by blists - more mailing lists