Change in libosmocore[master]: WIP: Attempt to avoid bogus gcc-8.2 array-bounds warning/error

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Harald Welte gerrit-no-reply at lists.osmocom.org
Sun Jan 20 09:41:06 UTC 2019 

Harald Welte has uploaded this change for review. ( https://gerrit.osmocom.org/12641


Change subject: WIP: Attempt to avoid bogus gcc-8.2 array-bounds warning/error
......................................................................

WIP: Attempt to avoid bogus gcc-8.2 array-bounds warning/error

gcc-8.2 is printing the following warning, which is an error
when used -Werror like our --enable-werror:

In file included from gprs_bssgp.c:34:
In function ‘tl16v_put’,
    inlined from ‘tvlv_put.part.3’ at ../../include/osmocom/gsm/tlv.h:156:9,
    inlined from ‘tvlv_put’ at ../../include/osmocom/gsm/tlv.h:147:24,
    inlined from ‘msgb_tvlv_push’ at ../../include/osmocom/gsm/tlv.h:386:2,
    inlined from ‘bssgp_tx_dl_ud’ at gprs_bssgp.c:1162:4:
../../include/osmocom/gsm/tlv.h:131:2: error: ‘memcpy’ forming offset [11, 130] is out of the bounds [0, 10] of object ‘mi’ with type ‘uint8_t[10]’ {aka ‘unsigned char[10]’} [-Werror=array-bounds]
  memcpy(buf, val, len);

Where "130" sems to be the maximum value of uint8_t, shifted right one +
2.  But even if we use strnlen() with "16" as maximum upper bound, gcc
still believes there's a way that the return value of gsm48_generate_mid_from_imsi()
could be 130.  In fact, even when adding OSMO_ASSERTs inside
gsm48_generate_mid(), gcc insists there is a problem :(

Change-Id: Ic8488bc7f77dc9182e372741b88f0f06100dddc9
---
M src/gsm/gsm48.c
1 file changed, 4 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/41/12641/1

diff --git a/src/gsm/gsm48.c b/src/gsm/gsm48.c
index 795e98b..7e2564a 100644
--- a/src/gsm/gsm48.c
+++ b/src/gsm/gsm48.c
@@ -644,13 +644,15 @@
  *  \returns number of bytes used in \a buf */
 uint8_t gsm48_generate_mid(uint8_t *buf, const char *id, uint8_t mi_type)
 {
-	uint8_t length = strnlen(id, 255), i, off = 0, odd = (length & 1) == 1;
+	uint8_t length = strnlen(id, 16), i, off = 0, odd = (length & 1) == 1;
+	/* maximum length == 16 */
 
 	buf[0] = GSM48_IE_MOBILE_ID;
 	buf[2] = osmo_char2bcd(id[0]) << 4 | (mi_type & GSM_MI_TYPE_MASK) | (odd << 3);
 
 	/* if the length is even we will fill half of the last octet */
 	buf[1] = (length + (odd ? 1 : 2)) >> 1;
+	/* buf[1] maximum = 18/2 = 9 */
 
 	for (i = 1; i < buf[1]; ++i) {
 		uint8_t upper, lower = osmo_char2bcd(id[++off]);
@@ -662,6 +664,7 @@
 		buf[2 + i] = (upper << 4) | lower;
 	}
 
+	/* maximum return value: 2 + 9 = 11 */
 	return 2 + buf[1];
 }
 

-- 
To view, visit https://gerrit.osmocom.org/12641
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic8488bc7f77dc9182e372741b88f0f06100dddc9
Gerrit-Change-Number: 12641
Gerrit-PatchSet: 1
Gerrit-Owner: Harald Welte <laforge at gnumonks.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190120/1f332bc1/attachment.htm>

More information about the gerrit-log mailing list