Re: 2.6.28-rc3: usb_hcd_poll_rh_status: array subscript is above array bounds

[Andrey Borzenkov]

On Monday 03 November 2008, Alan Stern wrote:
> On Mon, 3 Nov 2008, Andrey Borzenkov wrote:
> 
> >   CC [M]  drivers/usb/core/hcd.o
> > /home/bor/src/linux-git/drivers/usb/core/hcd.c: In function â??usb_hcd_poll_rh_statusâ??:
> > /home/bor/src/linux-git/arch/x86/include/asm/string_32.h:75: warning: array subscript is above array bounds
> > 
> > It is likely that issue is actually in string_32.h as similar errors are
> > in oher places as well.
> 
> I think this is actually a compiler bug.  It certainly has nothing to
> do with USB.  There was a discussion about it a month or so ago on
> LKML.
> 



Yes this really looks like a compiler bug, "length" hardly can be considered
constant expression even using very broad definition of "constant".

What is interesting though, it appears that compiler believes length has
value of 5. So it will copy one extra byte; and possibly pass incorrect
length to the caller. I cannot judge whether this garbage can do any harm.

Dp you know if it was ever reported to gcc folks?

Attachment: signature.asc
Description: This is a digitally signed message part.