This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Fix 'array subscript is above array bounds' warning in res_send.c


On 16-12-2014 11:05, Siddhesh Poyarekar wrote:
> On Tue, Dec 16, 2014 at 10:59:10AM -0200, Adhemerval Zanella wrote:
>> My understanding is to not shadow possible compiler issues with unrequired
>> code.
> I don't think this is a compiler issue since I don't think the
> compiler will ever be able to evaluate that the range for the nscounts
> will be limited to MAXNS.  In fact, given the wide usage of nscount
> within the code, a bug could technically send the nscounts beyond
> MAXNS.
>
> Siddhesh

 426                 if (statp->nscount > EXT(statp).nscount)
 427                         for (n = EXT(statp).nscount, ns = 0;
 428                              n < statp->nscount; n++) {
 429                                 while (ns < MAXNS
 430                                        && EXT(statp).nsmap[ns] != MAXNS)
 431                                         ns++;
 432                                 if (ns >= MAXNS)
 433                                         break;
 434                                 EXT(statp).nsmap[ns] = n;
 435                                 map[n] = ns++;
 436                         }

In this loop 'ns' is initialized to '0' and updated on a simple while with
2 constraints.  Someone with more compiler background could correct me, but
I don't think this is really hard to compile evaluate that will fall
in 0 <= ns < MAXNS in all cases.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]