On Thu, Dec 15, 2005 at 11:11:53PM +0000, Jon Burgess wrote:
> Wolfgang Rohdewald wrote:
> >On Friday 09 December 2005 19:28, Jon Burgess wrote:
> >
> >>Jan K?mpe wrote:
> >>
> >>>int dvb_usb_get_hexline(const struct firmware *fw, struct hexline *hx,
> >>>int *pos)
> >>>{
> >>>- u8 *b = (u8 *) &fw->data[*pos];
> >>> int data_offs = 4;
> >>> if (*pos >= fw->size)
> >>> return 0;
> >>>
> >>>+ u8 *b = (u8 *) &fw->data[*pos];
> >>> memset(hx,0,sizeof(struct hexline));
> >>
> >>I don't see why this change is needed and it breaks on older GCC.
> >
> >
> >if *pos >= fw->size, data[*pos] will access unallocated memory behind data.
>
> You are right in principle, but I believe that doing &foo[x] just gives
> you the address of the item, you don't actually do an out-of-bounds
> access until you actually dereference the pointer. The change makes the
> code look more correct, but I don't think you'll ever see this causing a
> crash or illegal access in practice since the check for (pos > fw->size)
> is done before the dereference.

One can avoid any uncertainty by writing it as:

	u8 *b = fw->data + *pos;

BTW, the (u8 *) cast is unnecessary.

	Johannes
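Review bot: moving the `u8 *b = (u8 *) &fw->data[*pos];` line below the `if (*pos >= fw->size) return 0;` check places a declaration after a statement, which compilers running in C89 mode (the "older GCC" the thread mentions) reject. Keep the declaration at the top of the function and only do the assignment after the check, e.g. `u8 *b;` next to `int data_offs = 4;` and then `b = fw->data + *pos;` after the `return 0;`, which achieves the intent of the patch (no pointer is formed from an out-of-range index) and also drops the unnecessary `(u8 *)` cast.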
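As an added example, not code from the thread or from the dvb-usb driver, here is a user-space sketch of the pattern Johannes suggests: declare the pointer first (so C89 compilers are happy), form it only after the bounds check, and check that a whole record fits before reading anything past the header. The `struct firmware` and `struct hexline` stand-ins, the record layout (1-byte length, 2-byte little-endian address, 1-byte type, payload, 1-byte checksum, matching the `data_offs = 4` of the quoted code) and the sample bytes are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint8_t u8;

/* Minimal user-space stand-ins for the kernel types in the quoted patch (constructed). */
struct firmware {
	const u8 *data;
	size_t size;
};

struct hexline {
	u8 len;
	uint32_t addr;
	u8 type;
	u8 data[255];
	u8 chk;
};

#define HEX_HDR 4 /* len, addr lo, addr hi, type: the data_offs = 4 of the quoted code */

/* Returns the new position, 0 at end of firmware, -1 if a record is truncated. */
int get_hexline(const struct firmware *fw, struct hexline *hx, int *pos)
{
	const u8 *b;   /* declared first, assigned only after the check: valid C89 */
	size_t need;

	if (*pos < 0 || (size_t)*pos >= fw->size)
		return 0;  /* no more records; no pointer into fw->data was formed */

	b = fw->data + *pos;  /* pointer arithmetic instead of &fw->data[*pos]; no cast needed */
	memset(hx, 0, sizeof(*hx));

	if (fw->size - (size_t)*pos < HEX_HDR)
		return -1; /* not even a full header left */

	hx->len = b[0];
	need = HEX_HDR + (size_t)hx->len + 1; /* header + payload + checksum byte */
	if (fw->size - (size_t)*pos < need)
		return -1; /* checked before any payload or checksum byte is read */

	hx->addr = b[1] | (b[2] << 8);
	hx->type = b[3];
	memcpy(hx->data, b + HEX_HDR, hx->len);
	hx->chk = b[HEX_HDR + hx->len];

	*pos += (int)need;
	return *pos;
}

/* Walks every record; returns the record count, or -1 if the image is truncated. */
int count_records(const struct firmware *fw)
{
	struct hexline hx;
	int pos = 0, n = 0, ret;
	while ((ret = get_hexline(fw, &hx, &pos)) > 0)
		n++;
	return ret < 0 ? ret : n;
}

/* Returns the load address of the index-th record, or -1 if there is none. */
int record_addr_at(const struct firmware *fw, int index)
{
	struct hexline hx;
	int pos = 0, n = 0, ret;
	while ((ret = get_hexline(fw, &hx, &pos)) > 0)
		if (n++ == index)
			return (int)hx.addr;
	return -1;
}

/* Constructed sample image: two records, the second starting at offset 9. */
static const u8 sample_bytes[] = {
	0x04, 0x00, 0x01, 0x00, 0xDE, 0xAD, 0xBE, 0xEF, 0x55, /* len 4, addr 0x0100 */
	0x02, 0x04, 0x01, 0x00, 0x12, 0x34, 0x66              /* len 2, addr 0x0104 */
};
const struct firmware sample_fw    = { sample_bytes, sizeof sample_bytes };
const struct firmware truncated_fw = { sample_bytes, 12 }; /* second record cut short */
const struct firmware empty_fw     = { sample_bytes, 0 };

int main(void)
{
	struct hexline hx;
	int pos = 0;
	while (get_hexline(&sample_fw, &hx, &pos) > 0)
		printf("record type %u addr 0x%04x len %u\n",
		       hx.type, (unsigned)hx.addr, hx.len);
	printf("truncated image -> %d\n", count_records(&truncated_fw));
	return 0;
}
```

The second size check is the one that matters in practice: the first check only proves that the header can be read, while the record's own length byte is untrusted input from the firmware file and must be validated against what remains of the buffer before `memcpy` uses it.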