Re: PATCH: fix out of range array access in dlls/kernel32/relay16.c (fwd)
Gerald Pfeifer <gerald(a)pfeifer.com> writes:
> Alexandre,
>
> I checked again and if we don't address this we'll get two new warning issues in a default build with GCC 4.3. How does the patch below look?

Not good, it adds noise to the code for no good reason. Why would gcc complain about that one?

-- 
Alexandre Julliard
julliard(a)winehq.org
On Thu, 29 Nov 2007, Alexandre Julliard wrote:
> > I checked again and if we don't address this we'll get two new warning issues in a default build with GCC 4.3. How does the patch below look?
>
> Not good, it adds noise to the code for no good reason. Why would gcc complain about that one?
GCC 4.3 (today's snapshot) complains as follows when building Wine with default options:

  relay16.c: In function 'relay_call_from_16':
  relay16.c:323: warning: array subscript is above array bounds
  relay16.c:427: warning: array subscript is above array bounds

Looking at the code GCC is right:

    for (j = 0; j < sizeof(call->ret)/sizeof(call->ret[0]); j++)
        if (call->ret[j] == 0xca66 || call->ret[j] == 0xcb66) break;
    if (call->ret[j] == 0xcb66)  /* cdecl */

Unless we break out of the loop, after the loop j will be the number of elements in the array, and thus call->ret[j] will be the first element _after_ the array, running into the next field of the structure.

The straightforward fix to avoid this out-of-array access was my first patch at
http://www.winehq.org/pipermail/wine-patches/2007-September/044612.html
which you didn't like too much ;-), so I cooked up the second one
http://www.winehq.org/pipermail/wine-patches/2007-November/047288.html

Do you (or does anyone else) have a better idea how to address this?

Gerald
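The pattern Gerald describes, as an added example that is not part of the thread or of Wine's relay16.c: a hypothetical frame with a four-word ret array and a trailing field, the unchecked loop beside a form that never dereferences the index after the loop. The struct, function names and sample frames are constructed here; only the two marker words come from the mail.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical stand-in for the frame discussed in the mail; constructed
 * for this example, not Wine's real structure. */
typedef struct {
    uint16_t ret[4];      /* 16-bit words read from the return-code stream */
    uint16_t next_field;  /* what an out-of-range ret[4] would actually read */
} call_frame;

enum ret_kind { RET_UNKNOWN = 0, RET_PASCAL = 1, RET_CDECL = 2 };

#define RET_FAR_PASCAL 0xca66u   /* bytes 66 ca: retf imm16, callee pops args */
#define RET_FAR_CDECL  0xcb66u   /* bytes 66 cb: retf, caller cleans up       */

/* Same shape as the loop in the mail: when no marker is present, j equals
 * the element count after the loop and ret[j] reads past the array. */
enum ret_kind classify_unchecked(const call_frame *f)
{
    size_t j;
    for (j = 0; j < sizeof(f->ret) / sizeof(f->ret[0]); j++)
        if (f->ret[j] == RET_FAR_PASCAL || f->ret[j] == RET_FAR_CDECL) break;
    if (f->ret[j] == RET_FAR_CDECL) return RET_CDECL;  /* out of range if j == 4 */
    return RET_PASCAL;
}

/* Hardened form: decide inside the loop, so the index is never used after
 * it, and report the not-found case explicitly instead of reading ret[n]. */
enum ret_kind classify_checked(const call_frame *f)
{
    const size_t n = sizeof(f->ret) / sizeof(f->ret[0]);
    for (size_t j = 0; j < n; j++) {
        if (f->ret[j] == RET_FAR_CDECL)  return RET_CDECL;
        if (f->ret[j] == RET_FAR_PASCAL) return RET_PASCAL;
    }
    return RET_UNKNOWN;
}

/* Constructed sample frames. SAMPLE_NONE has no marker at all; its
 * next_field holds the cdecl word, so the unchecked loop would report
 * cdecl by reading the neighbouring field rather than "not found". */
const call_frame SAMPLE_CDECL  = { { 0x9090, RET_FAR_CDECL,  0x0000, 0x0000 }, 0x0000 };
const call_frame SAMPLE_PASCAL = { { 0x0000, 0x0000, 0x0000, RET_FAR_PASCAL }, 0x0000 };
const call_frame SAMPLE_NONE   = { { 0x9090, 0x9090, 0x9090, 0x9090 }, RET_FAR_CDECL };
```

Only the checked classifier is meaningful on SAMPLE_NONE; the unchecked one is kept to show the shape GCC warns about, not to be run past the array.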