From: "Thomas Schmitt" <scdbackup@gmx.net>
To: grub-devel@gnu.org
Cc: pmenzel@molgen.mpg.de
Subject: Re: disk/mdraid1x_linux.c:181:15: warning: array subscript ...
Date: Fri, 20 Mar 2020 14:05:59 +0100 [thread overview]
Message-ID: <19348718378123487642@scdbackup.webframe.org> (raw)
In-Reply-To: <fda623d3-634d-dbc2-74e6-387bd7040a00@molgen.mpg.de>
Hi,
Paul Menzel wrote:
> 181 | (char *) &sb.dev_roles[grub_le_to_cpu32 (sb.dev_number)]
> 98 | grub_uint16_t dev_roles[]; /* Role in array, or 0xffff for a
> 127 | struct grub_raid_super_1x sb;
> [...]
> Normally, it should be fixed by using `grub_uint16_t[]` instead of
> `grub_uint16_t[0]`, but I haven’t found out where yet.
I rather propose to consider this untested and not properly styled
change:
--- grub-core/disk/mdraid1x_linux.c 2018-09-05 11:41:09.690721520 +0200
+++ grub-core/disk/mdraid1x_linux.c.ts 2020-03-20 13:57:21.159675792 +0100
@@ -178,8 +178,9 @@ grub_mdraid_detect (grub_disk_t disk,
return NULL;
if (grub_disk_read (disk, sector,
- (char *) &sb.dev_roles[grub_le_to_cpu32 (sb.dev_number)]
- - (char *) &sb,
+ ((char *) &sb.dev_roles - (char *) sb)
+ + grub_le_to_cpu32 (sb.dev_number) * sizeof(grub_uint16_t),
sizeof (role), &role))
return NULL;
------------------------------------------------------------------------
Reasoning:
I see
grub_uint16_t dev_roles[0];
in
http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/disk/mdraid1x_linux.c#n98
It's a gcc extension.
https://www.gnu.org/software/gnu-c-manual/gnu-c-manual.html#Declaring-Arrays
"As a GNU extension, the number of elements can be as small as zero.
Zero-length arrays are useful as the last element of a structure which
is really a header for a variable-length object"
So isn't the problem rather about the allocation of the struct which
hosts .dev_roles ?
Currently there is in mdraid1x_linux.c:
struct grub_raid_super_1x
{
...
grub_uint16_t dev_roles[0]; /* Role in array, or 0xffff for a spare, or 0xfffe for faulty. */
};
...
static struct grub_diskfilter_vg *
grub_mdraid_detect (grub_disk_t disk, ...
...
struct grub_raid_super_1x sb;
The allocation as local variable does not appear to provide this extra
memory storage, which shall host the array members of dev_roles.
I fail to see how sb could get enlarged later. The stack neighbors of sb
do not look like they would provide their storage for an array.
Now why didn't this fail earlier ?
That's because the bad array index use is not for memory access but for
pointer arithmetics:
http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/disk/mdraid1x_linux.c#n180
if (grub_disk_read (disk, sector,
(char *) &sb.dev_roles[grub_le_to_cpu32 (sb.dev_number)]
- (char *) &sb,
sizeof (role), &role))
The code wants a number which shall be used as parameter grub_off_t offset
of grub_disk_read() (in grub-core/kern/disk.c).
I think that the following expression produces the same number without
virtual access to a virtual array member:
(char *) &sb.dev_roles - (char *) sb
+ grub_le_to_cpu32 (sb.dev_number) * sizeof(grub_uint16_t)
Have a nice day :)
Thomas
next prev parent reply other threads:[~2020-03-20 13:05 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-20 8:24 disk/mdraid1x_linux.c:181:15: warning: array subscript <unknown> is outside array bounds of ‘grub_uint16_t[0]’ {aka ‘short unsigned int[0]’} [-Warray-bounds] Paul Menzel
2020-03-20 13:05 ` Thomas Schmitt [this message]
-- strict thread matches above, loose matches on Subject: below --
2020-03-24 16:52 grub/head build with pre-release GCC10 ; fail @ "grub-core/disk/mdraid1x_linux.c:181:15: error: ..." PGNet Dev
2020-03-24 17:54 ` disk/mdraid1x_linux.c:181:15: warning: array subscript Thomas Schmitt
2020-03-25 7:27 ` Michael Chang
2020-03-25 11:13 ` Thomas Schmitt
2020-03-26 3:08 ` Michael Chang
2020-03-25 15:35 ` PGNet Dev
2020-03-25 15:52 ` Paul Menzel
2020-03-25 15:54 ` PGNet Dev
2020-03-25 16:08 ` Paul Menzel
2020-03-26 3:29 ` Michael Chang
2020-03-26 4:05 ` PGNet Dev
2020-03-25 18:35 ` Daniel Kiper
2020-03-26 4:13 ` Michael Chang
2020-03-26 4:24 ` Michael Chang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=19348718378123487642@scdbackup.webframe.org \
--to=scdbackup@gmx.net \
--cc=grub-devel@gnu.org \
--cc=pmenzel@molgen.mpg.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.