lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 04 Feb 2019 09:15:56 -0800 (PST)
From:   David Miller <davem@...emloft.net>
To:     leitao@...ian.org
Cc:     netdev@...r.kernel.org, daniel@...earbox.net, ast@...nel.org
Subject: Re: [PATCH] bpf: test_maps: Avoid possible out of bound access

From: Breno Leitao <leitao@...ian.org>
Date: Mon,  4 Feb 2019 14:27:11 -0200

> When compiling test_maps selftest with GCC-8, it warns that an array might
> be indexed with a negative value, which could cause a negative out of bound
> access, depending on parameters of the function. This is the GCC-8 warning:
> 
> 	gcc -Wall -O2 -I../../../include/uapi -I../../../lib -I../../../lib/bpf -I../../../../include/generated -DHAVE_GENHDR -I../../../include    test_maps.c /home/breno/Devel/linux/tools/testing/selftests/bpf/libbpf.a -lcap -lelf -lrt -lpthread -o /home/breno/Devel/linux/tools/testing/selftests/bpf/test_maps
> 	In file included from test_maps.c:16:
> 	test_maps.c: In function ‘run_all_tests’:
> 	test_maps.c:1079:10: warning: array subscript -1 is below array bounds of ‘pid_t[<Ube20> + 1]’ [-Warray-bounds]
> 	   assert(waitpid(pid[i], &status, 0) == pid[i]);
> 		  ^~~~~~~~~~~~~~~~~~~~~~~~~~~
> 	test_maps.c:1059:6: warning: array subscript -1 is below array bounds of ‘pid_t[<Ube20> + 1]’ [-Warray-bounds]
> 	   pid[i] = fork();
> 	   ~~~^~~
> 
> This patch simply guarantees that the tasks variable is unsigned, thus, it
> could never be a negative number, hence avoiding an out of bound access
> warning.
> 
> Signed-off-by: Breno Leitao <leitao@...ian.org>

As good a fix as any...

Acked-by: David S. Miller <davem@...emloft.net>

Powered by blists - more mailing lists