Re: out-of-bounds array index

From: Jan Engelhardt
Date: Thu Feb 07 2008 - 14:21:25 EST

Next message: Marcel Holtmann: "Re: [PATCH] USB: mark USB drivers as being GPL only"
Previous message: Daniel Phillips: "Re: [git pull] x86 arch updates for v2.6.25"
In reply to: Jesse Barnes: "Re: out-of-bounds array index"
Next in thread: Jesse Barnes: "Re: out-of-bounds array index"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Feb 7 2008 19:56, Jens Axboe wrote:
>
>Just saw this from gcc:
>
>drivers/char/drm/i915_drv.c: In function ?i915_suspend?:
>drivers/char/drm/i915_drv.c:173: warning: array subscript is above array
>bounds
> CC [M] drivers/char/drm/i915_dma.o
>drivers/char/drm/i915_drv.c: In function ?i915_resume?:
>drivers/char/drm/i915_drv.c:220: warning: array subscript is above array
>bounds
>
>It's this code:
>
> dev_priv->saveGR[0x18] =
> i915_read_indexed(VGA_GR_INDEX, VGA_GR_DATA, 0x18);
>
>which looks legit, since saveGR is

It is not legit at all. 0x18 is the 25th position in the array,
but it is only 24 big. (Excluding play-hide-and-seek games like
allocating more in case of malloc or char *foo[0].)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Marcel Holtmann: "Re: [PATCH] USB: mark USB drivers as being GPL only"
Previous message: Daniel Phillips: "Re: [git pull] x86 arch updates for v2.6.25"
In reply to: Jesse Barnes: "Re: out-of-bounds array index"
Next in thread: Jesse Barnes: "Re: out-of-bounds array index"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]