Date:      Tue, 3 Nov 2020 13:16:13 +0200
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        xtouqh@hotmail.com
Cc:        Hans Petter Selasky <hps@selasky.org>, hackers@freebsd.org
Subject:   Re: KASSERT(val != 0) not triggering in linux_errno.c reading outside of array
Message-ID:  <20201103111613.GP2654@kib.kiev.ua>
In-Reply-To: <AM0PR06MB3986D1AA1E59725F4D677727C0110@AM0PR06MB3986.eurprd06.prod.outlook.com>
References:  <AM0PR06MB39867F0AE62A737D2EE596F5C0110@AM0PR06MB3986.eurprd06.prod.outlook.com> <77d2eef0-9cc8-aa39-6d28-a7fb41e233ac@selasky.org> <AM0PR06MB398671E9C991E0A1B4223660C0110@AM0PR06MB3986.eurprd06.prod.outlook.com> <c87d3aef-7a66-48bb-ca9e-fe4ae4e9f1d3@selasky.org> <AM0PR06MB3986D1AA1E59725F4D677727C0110@AM0PR06MB3986.eurprd06.prod.outlook.com>

On Tue, Nov 03, 2020 at 01:17:51PM +0300, xtouqh@hotmail.com wrote:
> Hans Petter Selasky wrote:
> > Hi,
> > 
> > Should:
> > 
> >          for (i = 1; i < sizeof(linux_errtbl); i++) {
> > 
> > Be:
> > 
> >          for (i = 1; i < sizeof(linux_errtbl)/sizeof(linux_errtbl[0]); i++) {
> > 
> > 
> > Or:
> > 
> >          for (i = 1; i < (int)nitems(linux_errtbl); i++) {
> 
> That's right, and I added the same comment in the review.  My question is
> different though -- with the issue present, KASSERT() should have triggered
> (there are 0 values with incorrect indexes, added printf() confirms that)
> exposing the bug, but it does not -- WHY? -- I just want to understand
> what's going on.

I think this is a poster child for the current undefined behaviour treatment
by compilers.  You are accessing beyond the array's last element, and the
compiler can prove it, so it is allowed to do anything.
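
The gap between the two loop bounds discussed in this thread, as an added example that is not part of the original message or of FreeBSD's code: `errtbl` is a constructed stand-in for `linux_errtbl`, and `tbl_get`, `count_out_of_range` and `count_zero_entries` are hypothetical helpers. The index is checked before every read, so the byte-count bound is shown overshooting without the out-of-bounds access ever being performed.

```c
#include <stddef.h>
#include <stdio.h>

/* Element count of an array: the expression from the quoted fix. */
#define NITEMS(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed stand-in table (not the real linux_errtbl contents). Slot 0 is
 * unused, matching the quoted loops that start at i = 1. */
static const int errtbl[] = { 0, -1, -2, -5, -12, -13, -22, -28 };

/* Bounds-checked read: the index is validated BEFORE the access, so an
 * out-of-range index is reported instead of being undefined behaviour. */
static int
tbl_get(size_t i, int *out)
{
	if (i >= NITEMS(errtbl))
		return (-1);
	*out = errtbl[i];
	return (0);
}

/* Walk indexes 1..bound-1 and count those that fall outside the table. */
static size_t
count_out_of_range(size_t bound)
{
	size_t i, bad = 0;
	int val;

	for (i = 1; i < bound; i++)
		if (tbl_get(i, &val) != 0)
			bad++;
	return (bad);
}

/* The property the assertion is after: no zero entry in slots 1..NITEMS-1. */
static size_t
count_zero_entries(void)
{
	size_t i, zeros = 0;
	int val;

	for (i = 1; i < NITEMS(errtbl); i++)
		if (tbl_get(i, &val) == 0 && val == 0)
			zeros++;
	return (zeros);
}

int
main(void)
{
	printf("byte bound %zu: %zu bad indexes; item bound %zu: %zu bad indexes\n",
	    sizeof(errtbl), count_out_of_range(sizeof(errtbl)),
	    NITEMS(errtbl), count_out_of_range(NITEMS(errtbl)));
	return (0);
}
```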


