[PATCH] Updates for stricter automatic memcpy bounds checking
Nick Kralevich
nnk
Sun Apr 12 13:26:30 PDT 2015
On Sun, Apr 12, 2015 at 12:53 AM, Arik Nemtsov <arik at wizery.com> wrote:
> > struct {
> > + u8 unused;
> > /* only variable items: SSID, Supported rates */
> > - u8 variable[0];
> > + u8 variable[];
> > } STRUCT_PACKED probe_req;
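Review bot: The added `u8 unused;` member in the probe_req struct sits ahead of `variable[]`, so in this packed layout `variable` starts one byte later than before, and `mgmt->u.probe_req.variable` would skip the first byte of what the struct comment describes as the only contents (the SSID and Supported rates items). Suggest leaving this member as `u8 variable[0];` rather than adding a padding field to satisfy the flexible-array rule, and if the layout is changed anyway, rechecking every user of `probe_req.variable` and any `sizeof`-based length check on this struct.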
>
> Isn't this introducing a bug? This piece of code will now point to the
> wrong location I believe:
>
> ie = mgmt->u.probe_req.variable;
Yes, I believe this is a bug. I updated the patch to avoid changing
this structure, since I couldn't figure out a clean way to fix it
properly. gcc doesn't support the use of a flexible array element as
the only element of a structure
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53548).