Hi Alessandro and Alexandre, Greetings, I'm a 2nd year PhD student who is interested in using UBSan to the kernel. Through some experiment, I found a out-of-bound array access in function rtc_month_days. More specifically, the through the call chain of davinci_rtc_set_time/davinci_rtc_set_alarm -> convert2days -> rtc_month_days, since davinci_rtc_set_time/davinci_rtc_set_alarm are ioctl functions, thus the 2nd parameter, struct rtc_time *tm, is passed in purely from user-space which can be any value. And such a value, tm->tm_mon is used directly as an index to a fixed length array, rtc_ydays. This looks very fishy to me. Although I know that, syzkaller has applied UBSan to this driver before, and such a simple error cannot evade its detection, I'm still wondering if this is a true error, and more importantly, if it's not, then why, this will help me understand linux a lot. Looking forward to your valued response! Best regards, Changming Liu
