Re: [PATCH v2] usb: r8a66597-hcd: host: fix port index underflow and UBSAN complains

From: Alan Stern
Date: Sat Jul 01 2023 - 21:24:30 EST


On Sun, Jul 02, 2023 at 12:19:11AM +0200, Uwe Kleine-König wrote:
> Hello Alan,
>
> On Sat, Jul 01, 2023 at 02:54:46PM -0400, Alan Stern wrote:
> > wIndex should never be == 0 or > max_root_hub in the cases where rh gets
> > used; such values would be meaningless. But we don't control the value
> > of wIndex, because it can come from userspace. So we can't simply
> > assume it will always be valid; it has to be checked.
> >
> > That being understood, the changes Zhang is making here are meant mostly
> > to prevent UBSAN and the compiler from complaining or making false
> > assumptions. The actual checks on wIndex occur later in the subroutine.
>
> I'm guilty of not having looked at that function at all, but it sounds
> wrong to me to calculate values from some untrusted input and only
> later validate the input. It should be the other way round, shouldn't
> it? This is calling for compiler optimisations stepping on your toes.

Six of one, half a dozen of the other. In the end I don't think it
makes much difference; it basically comes down to personal choice.
Which is fine, provided the final choice is one of the correct ones.

Alan Stern
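
The ordering discussed in this thread (validate the caller-supplied wIndex first, derive the port pointer second), as an added example that is not part of the original message or of the r8a66597-hcd driver. The struct layout, request names, MAX_ROOT_HUB value and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_ROOT_HUB 2            /* assumed port count for this sketch */

struct root_hub { unsigned int status; };

struct hcd_state {
    struct root_hub root_hub[MAX_ROOT_HUB];
};

enum req { REQ_GET_HUB_STATUS, REQ_GET_PORT_STATUS, REQ_SET_PORT_FEATURE };

/*
 * wIndex is a 1-based port number supplied by the caller (ultimately
 * userspace). Validate it first and only then form the array index, so
 * no out-of-range pointer is ever computed for UBSAN or the optimizer
 * to reason about.
 */
static struct root_hub *port_from_windex(struct hcd_state *s, uint16_t wIndex)
{
    if (wIndex == 0 || wIndex > MAX_ROOT_HUB)
        return NULL;
    return &s->root_hub[wIndex - 1];
}

/* Returns 0 on success, -1 for a port request with an invalid wIndex. */
static int hub_control(struct hcd_state *s, enum req r, uint16_t wIndex,
                       unsigned int *out)
{
    struct root_hub *rh;

    switch (r) {
    case REQ_GET_HUB_STATUS:      /* hub-wide: wIndex is not a port here */
        *out = 0;
        return 0;
    case REQ_GET_PORT_STATUS:
        rh = port_from_windex(s, wIndex);
        if (!rh)
            return -1;
        *out = rh->status;
        return 0;
    case REQ_SET_PORT_FEATURE:
        rh = port_from_windex(s, wIndex);
        if (!rh)
            return -1;
        rh->status |= 1u;         /* constructed feature bit */
        return 0;
    }
    return -1;
}
```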