From: Oliver Neukum <oneukum@suse.com>
To: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Alan Stern <stern@rowland.harvard.edu>,
LKML <linux-kernel@vger.kernel.org>,
linux-usb@vger.kernel.org,
Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Subject: Re: UBSAN whinge in ihci-hub.c
Date: Wed, 18 May 2016 12:19:07 +0200 [thread overview]
Message-ID: <1463566747.22748.24.camel@suse.com> (raw)
In-Reply-To: <CAPAsAGyFVzAbPfRqssRybFY7M0jAaMKOF==K7rZ_Epn6YjjyqQ@mail.gmail.com>
On Wed, 2016-05-18 at 12:16 +0300, Andrey Ryabinin wrote:
> 2016-05-18 11:18 GMT+03:00 Oliver Neukum <oneukum@suse.com>:
> > On Wed, 2016-05-18 at 10:40 +0300, Andrey Ryabinin wrote:
> >> 2016-05-18 1:16 GMT+03:00 Greg Kroah-Hartman <gregkh@linuxfoundation.org>:
> >> > On Tue, May 17, 2016 at 05:52:40PM -0400, Valdis Kletnieks wrote:
> >> >> So, not content in the amount of breakage I generate already, I
> >> >> compiled with UBSAN enabled...
> >> >>
> >> >> The immediately relevant part:
> >> >>
> >> >> [ 2.418576] ================================================================================
> >> >> [ 2.418579] UBSAN: Undefined behaviour in drivers/usb/host/ehci-hub.c:877:47
> >> >> [ 2.418582] index -1 is out of range for type 'u32 [1]'
> >> >
> >> > <snip>
> >> >
> >> > It's a known bug in ubsan,
> >>
> >> It's not a bug. int *p = &a[-1] is undefined behavior. It doesn't
> >> matter whether that pointer dereferenced or not.
> >
> > That is a bold statement. Pointer arithmetic is defined. How can
> > the computation of an address be undefined behavior while it is
> > not used?
>
> It's defined only if pointer points to array element or one-past-end
> element. Everything else is undefined.
>
> $ 6.5.6.8
> "If both the pointer operand and the result point to elements of
> the same array object,
> or one past the last element of the array object, the evaluation
> shall not produce an overflow;
> otherwise, the behavior is undefined."
But we do not care whether the calculation overflows. We don't use it
at all in those cases.
Regards
Oliver
next prev parent reply other threads:[~2016-05-18 10:22 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-17 21:52 UBSAN whinge in ihci-hub.c Valdis Kletnieks
2016-05-17 22:16 ` Greg Kroah-Hartman
2016-05-18 7:40 ` Andrey Ryabinin
2016-05-18 8:18 ` Oliver Neukum
2016-05-18 9:16 ` Andrey Ryabinin
2016-05-18 10:19 ` Oliver Neukum [this message]
2016-05-18 12:21 ` Andrey Ryabinin
2016-05-18 14:40 ` Alan Stern
2016-05-18 15:02 ` Andrey Ryabinin
2016-05-18 16:09 ` Alan Stern
2016-05-18 17:15 ` Andrey Ryabinin
2016-05-18 19:28 ` Alan Stern
2016-05-19 16:29 ` Andrey Ryabinin
2016-05-19 20:11 ` Alan Stern
2016-05-23 15:58 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1463566747.22748.24.camel@suse.com \
--to=oneukum@suse.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=ryabinin.a.a@gmail.com \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.