Re: 2.6.28-rc3: usb_hcd_poll_rh_status: array subscript is above array bounds

From: Alan Stern
Date: Tue Nov 04 2008 - 11:10:48 EST


On Tue, 4 Nov 2008, Andrey Borzenkov wrote:

> > I think this is actually a compiler bug. It certainly has nothing to
> > do with USB. There was a discussion about it a month or so ago on
> > LKML.
> >
>
> Yes this really looks like a compiler bug, "length" hardly can be considered
> constant expression even using very broad definition of "constant".
>
> What is interesting though, it appears that compiler believes length has
> value of 5. So it will copy one extra byte; and possibly pass incorrect
> length to the caller. I cannot judge whether this garbage can do any harm.

Did you examine the object code? That's the only way to be sure.

> Do you know if it was ever reported to gcc folks?

I have no idea. All I know is what was reported on LKML.

Alan Stern
