From: Blue Swirl
To: qemu-devel@nongnu.org, Andrzej Zaborowski
Date: Sat, 18 Apr 2009 21:25:56 +0300
Subject: Re: [Qemu-devel] index out of bounds in qemu-0.10.2
In-Reply-To: <829169.28940.qm@web35202.mail.mud.yahoo.com>

On 4/17/09, Sergei Steshenko wrote:
> Hello,
>
> I am compiling qemu-0.10.2 using the attached autogenerated 'configure'
> wrapper (if anybody is interested in 'configure' command line options I'm
> using).
>
> I am using self-built gcc-4.3.3, my OS is SUSE 10.3, 32 bits.
>
> While running 'make' I've noticed this:
>
> 41 /mnt/sdb8/sergei/AFSWD_debug/build/qemu-0.10.2/hw/twl92230.c: In function ‘menelaus_load’:
> 42 /mnt/sdb8/sergei/AFSWD_debug/build/qemu-0.10.2/hw/hw.h:114: warning: array subscript is above array bounds
> 43 /mnt/sdb8/sergei/AFSWD_debug/build/qemu-0.10.2/hw/hw.h:114: warning: array subscript is above array bounds
> 44 /mnt/sdb8/sergei/AFSWD_debug/build/qemu-0.10.2/hw/hw.h:114: warning: array subscript is above array bounds
> 45 /mnt/sdb8/sergei/AFSWD_debug/build/qemu-0.10.2/hw/twl92230.c: In function ‘menelaus_save’:
> 46 /mnt/sdb8/sergei/AFSWD_debug/build/qemu-0.10.2/hw/hw.h:94: warning: array subscript is above array bounds
> 47 /mnt/sdb8/sergei/AFSWD_debug/build/qemu-0.10.2/hw/hw.h:94: warning: array subscript is above array bounds
> 48 /mnt/sdb8/sergei/AFSWD_debug/build/qemu-0.10.2/hw/hw.h:94: warning: array subscript is above array bounds
> .
>
> Once I had the same warnings compiling my own code, and 'gcc' was correct,
> so most likely it's correct in this case too.
>
> If so, please fix this.

My gcc and even sparse are completely silent, strange.

It's because of this area:

    uint8_t dcdc[3];

is saved like this:

    qemu_put_8s(f, &s->dcdc[3]);
    qemu_put_8s(f, &s->dcdc[3]);
    qemu_put_8s(f, &s->dcdc[3]);

and loaded like this:

    qemu_get_8s(f, &s->dcdc[3]);
    qemu_get_8s(f, &s->dcdc[3]);
    qemu_get_8s(f, &s->dcdc[3]);

which is of course wrong.
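As an added illustration, not code from QEMU or from either poster: a bounds-checked save/load of the same three-byte field, where the index range is derived from the array's size so a copy-pasted `[3]` cannot reach past the end. `MemFile`, `MenelausLike` and the `*_checked` helpers are hypothetical stand-ins for `QEMUFile` and `qemu_put_8s`/`qemu_get_8s`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed stand-in for QEMUFile: a byte buffer with a read/write cursor. */
typedef struct { uint8_t buf[64]; size_t pos; } MemFile;
/* Hypothetical device state carrying the same uint8_t dcdc[3] field as the mail. */
typedef struct { uint8_t dcdc[3]; } MenelausLike;

/* Bounds-checked put/get: 0 on success, -1 if idx is outside arr or f is exhausted. */
static int put_8s_checked(MemFile *f, const uint8_t *arr, size_t n, size_t idx) {
    if (idx >= n || f->pos >= sizeof f->buf) return -1;
    f->buf[f->pos++] = arr[idx];
    return 0;
}
static int get_8s_checked(MemFile *f, uint8_t *arr, size_t n, size_t idx) {
    if (idx >= n || f->pos >= sizeof f->buf) return -1;
    arr[idx] = f->buf[f->pos++];
    return 0;
}

/* Corrected save/load: derive the index range from the array instead of hand-copying it. */
static int menelaus_like_save(MemFile *f, const MenelausLike *s) {
    for (size_t i = 0; i < ARRAY_SIZE(s->dcdc); i++)
        if (put_8s_checked(f, s->dcdc, ARRAY_SIZE(s->dcdc), i)) return -1;
    return 0;
}
static int menelaus_like_load(MemFile *f, MenelausLike *s) {
    for (size_t i = 0; i < ARRAY_SIZE(s->dcdc); i++)
        if (get_8s_checked(f, s->dcdc, ARRAY_SIZE(s->dcdc), i)) return -1;
    return 0;
}

/* Save a constructed state, load it back; 1 if all three bytes survive the round trip. */
static int roundtrip_ok(void) {
    MenelausLike in = { { 0x11, 0x22, 0x33 } }, out = { { 0 } };
    MemFile f = { { 0 }, 0 };
    if (menelaus_like_save(&f, &in)) return 0;
    f.pos = 0;                          /* rewind before loading */
    if (menelaus_like_load(&f, &out)) return 0;
    return memcmp(in.dcdc, out.dcdc, sizeof in.dcdc) == 0;
}

/* The mail's &s->dcdc[3]: index 3 of a 3-element array is refused rather than written. */
static int buggy_index_rejected(void) {
    MenelausLike s = { { 0 } };
    MemFile f = { { 0 }, 0 };
    return put_8s_checked(&f, s.dcdc, ARRAY_SIZE(s.dcdc), 3) == -1;
}
```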