Wolfgang Rohdewald wrote: > On Freitag 09 Dezember 2005 19:28, Jon Burgess wrote: > >>Jan K?mpe wrote: >> >>> int dvb_usb_get_hexline(const struct firmware *fw, struct hexline *hx, int *pos) >>> { >>>- u8 *b = (u8 *) &fw->data[*pos]; >>> int data_offs = 4; >>> if (*pos >= fw->size) >>> return 0; >>> >>>+ u8 *b = (u8 *) &fw->data[*pos]; >>> memset(hx,0,sizeof(struct hexline)); >> >>I don't see why this change is needed and it breaks on older GCC. > > > if *pos >= fw->size, data[*pos] will access unallocated memory behind data. You are right in principle, but I believe that doing &foo[x] just gives you the address of the item, you don't actually do an out-of-bounds access until you actually dereference the pointer. The change makes the code look more correct, but I don't think you'll ever see this causing a crash or illegal access in practice since the check for (pos > fw->size) is done before the dereference. Jon
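Review bot: the added line `u8 *b = (u8 *) &fw->data[*pos];` now comes after the `if (*pos >= fw->size) return 0;` statement, which makes it a declaration after a statement. C89 does not allow that, and it matches the older-GCC breakage reported in the thread. Keep a plain `u8 *b;` declaration at the top of the function next to `int data_offs = 4;` and put only the assignment `b = (u8 *) &fw->data[*pos];` after the bounds check. The pointer is then still formed only once `*pos` has been validated against `fw->size`, and the function builds on compilers that require declarations at the start of a block.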