| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Feb 2019 15:52:54 +0100 From: Daniel Borkmann <daniel@...earbox.net> To: Breno Leitao <leitao@...ian.org>, netdev@...r.kernel.org Cc: ast@...nel.org, davem@...emloft.net Subject: Re: [PATCH v2] bpf: test_maps: Avoid possible out of bound access On 02/05/2019 06:12 PM, Breno Leitao wrote: > When compiling test_maps selftest with GCC-8, it warns that an array might > be indexed with a negative value, which could cause a negative out of bound > access, depending on parameters of the function. This is the GCC-8 warning: > > gcc -Wall -O2 -I../../../include/uapi -I../../../lib -I../../../lib/bpf -I../../../../include/generated -DHAVE_GENHDR -I../../../include test_maps.c /home/breno/Devel/linux/tools/testing/selftests/bpf/libbpf.a -lcap -lelf -lrt -lpthread -o /home/breno/Devel/linux/tools/testing/selftests/bpf/test_maps > In file included from test_maps.c:16: > test_maps.c: In function ‘run_all_tests’: > test_maps.c:1079:10: warning: array subscript -1 is below array bounds of ‘pid_t[<Ube20> + 1]’ [-Warray-bounds] > assert(waitpid(pid[i], &status, 0) == pid[i]); > ^~~~~~~~~~~~~~~~~~~~~~~~~~~ > test_maps.c:1059:6: warning: array subscript -1 is below array bounds of ‘pid_t[<Ube20> + 1]’ [-Warray-bounds] > pid[i] = fork(); > ~~~^~~ > > This patch simply guarantees that the task(s) variables are unsigned, thus, > they could never be a negative number, hence avoiding an out of bound access > warning. > > Signed-off-by: Breno Leitao <leitao@...ian.org> Given this is a false positive anyway and we only want to reduce gcc noise, I've applied it to bpf-next, thanks Breno!
Powered by blists - more mailing lists