[PATCH] Updates for stricter automatic memcpy bounds checking
Arik Nemtsov
arik
Mon Apr 13 01:13:31 PDT 2015
On Sun, Apr 12, 2015 at 11:26 PM, Nick Kralevich <nnk at google.com> wrote:
> On Sun, Apr 12, 2015 at 12:53 AM, Arik Nemtsov <arik at wizery.com> wrote:
>> > struct {
>> > + u8 unused;
>> > /* only variable items: SSID, Supported rates */
>> > - u8 variable[0];
>> > + u8 variable[];
>> > } STRUCT_PACKED probe_req;
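Review bot: the added `u8 unused;` member in `probe_req` sits ahead of `variable` in a `STRUCT_PACKED` struct that, per its own comment, holds only variable items, so `variable` moves one byte further into the frame. Any reader that takes `probe_req.variable` as the start of the SSID and Supported rates elements would begin one byte late. Either leave this struct as `u8 variable[0];` and drop the padding member, or document why the extra byte is safe and update every user of `probe_req.variable` in the same patch.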
>>
>> Isn't this introducing a bug? This piece of code will now point to the
>> wrong location I believe:
>>
>> ie = mgmt->u.probe_req.variable;
>
> Yes, I believe this is a bug. I updated the patch to avoid changing
> this structure, since I couldn't figure out a clean way to fix it
> properly. gcc doesn't support the use of a flexible array element as
> the only element of a structure
> (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53548)

Looks good. Yea I guess the simplest solution is to just avoid
verification here for now.

Arik
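
The layout shift discussed in this thread, shown as an added example (not code from the mail or from hostap): it compares where `u.probe_req.variable` lands with and without the `unused` member and what an IE parser then reads. The 24-byte header macro, the struct names `mgmt_orig` and `mgmt_patched`, the helper functions and the sample frame are all assumptions constructed for illustration; it relies on the GNU zero-length array extension, as the original struct does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint8_t u8;
#define STRUCT_PACKED __attribute__((packed))
/* Simplified 24-byte 802.11 management header; an assumption, not hostap's struct. */
#define MGMT_HDR u8 fc[2], dur[2], da[6], sa[6], bssid[6], seq[2];

struct mgmt_orig {            /* layout before the quoted hunk */
    MGMT_HDR
    union { struct { u8 variable[0]; } STRUCT_PACKED probe_req; } u;
} STRUCT_PACKED;

struct mgmt_patched {         /* layout with the quoted hunk's extra member */
    MGMT_HDR
    union { struct { u8 unused; u8 variable[0]; } STRUCT_PACKED probe_req; } u;
} STRUCT_PACKED;

/* Constructed probe request: zeroed header, SSID IE "test", Supported Rates IE. */
static const u8 frame[] = {
    [24] = 0x00, 0x04, 't', 'e', 's', 't',   /* element id 0 (SSID), len 4 */
           0x01, 0x01, 0x82                   /* element id 1 (rates), len 1 */
};

size_t ie_offset_orig(void)    { return offsetof(struct mgmt_orig, u.probe_req.variable); }
size_t ie_offset_patched(void) { return offsetof(struct mgmt_patched, u.probe_req.variable); }

/* SSID length if the first element at ie is a well-formed SSID IE, else -1. */
static int first_ie_ssid_len(const u8 *ie, size_t len)
{
    if (len < 2 || ie[0] != 0 || ie[1] > 32 || (size_t)ie[1] + 2 > len)
        return -1;
    return ie[1];
}

/* frame + offset is the address `mgmt->u.probe_req.variable` evaluates to. */
int ssid_len_orig(void)
{
    size_t off = ie_offset_orig();
    return first_ie_ssid_len(frame + off, sizeof(frame) - off);
}

int ssid_len_patched(void)
{
    size_t off = ie_offset_patched();
    return first_ie_ssid_len(frame + off, sizeof(frame) - off);
}

int main(void)
{
    printf("orig: offset %zu, ssid_len %d\n", ie_offset_orig(), ssid_len_orig());
    printf("patched: offset %zu, ssid_len %d\n", ie_offset_patched(), ssid_len_patched());
    return 0;
}
```

With the extra member the parser starts on the SSID length byte and treats it as an element ID, so the SSID is never found.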