Mailinglist Archive: opensuse-bugs (7967 mails)

< Previous Next >
[Bug 242049] New: DirectFB-0.9.25-42 : array subscript is above array bounds
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Sun, 4 Feb 2007 14:44:45 -0700 (MST)
  • Message-id: <bug-242049-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=242049

Summary: DirectFB-0.9.25-42 : array subscript is above array
bounds
Product: openSUSE 10.3
Version: unspecified
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: dcb314@xxxxxxxxxxx
QAContact: qa@xxxxxxx


I just tried to compile package DirectFB-0.9.25-42
with the GNU C compiler version 4.3 snapshot 20070202.

The compiler said

serialmouse.c:443: warning: array subscript is above array bounds

The source code is

if (FD_ISSET (fd, &set) && (readlen = read (fd, buf, 8) > 0)) {
while (readlen--) {
if (buf[8-readlen] == 0x4D)

so readlen is in the range [1..8] after the first if, and it is in the
range [ 0..7] after the while statement.

This then means that the index into the buf array is [8..1], but

char buf[8];

This looks like an off by one error. Suggest code rework.


--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

< Previous Next >