Interesting:
Here's the code lines:
...
irsp->un.ulpWord[5],
*(((uint32_t *)irsp) + 6),
...
it's not tripping on the ulpWord[5] line - which is what you would
think, but rather the "+6" line. Given that the structure size for
irsp is certainly big enough, this has to be some loss of "object"
context in the compiler.
E.g: it wouldn't surprise me if there's a base register that
contains the address of irsp (%reg) and that the un.ulpWord[5]
results in a displacement on the pointer (e.g. "20(%reg)" ),
and that the ptr+6 also results in something similar
(e.g. "24(%reg)") - and the range checking code assumed the
context un.ulpWord meant ?(%reg), and lost track of the type
or object difference between the next instruction that happened
to have a ? that was too big for the array.
-- james s
James Bottomley wrote:
On Thu, 2008-09-25 at 11:14 +0300, Meelis Roos wrote:
Noticed this wgile compiling 2.6.27-rc7+git on sparc64 - maybe it is of
interest.
CC [M] drivers/scsi/lpfc/lpfc_sli.o
drivers/scsi/lpfc/lpfc_sli.c: In function 'lpfc_sli_poll_fcp_ring':
drivers/scsi/lpfc/lpfc_sli.c:1365: warning: array subscript is above array bounds
drivers/scsi/lpfc/lpfc_sli.c:1365: warning: array subscript is above array bounds
drivers/scsi/lpfc/lpfc_sli.c: In function 'lpfc_sli_handle_fast_ring_event':
drivers/scsi/lpfc/lpfc_sli.c:1541: warning: array subscript is above array bounds
drivers/scsi/lpfc/lpfc_sli.c:1541: warning: array subscript is above array bounds
As best I can tell this is a bogus warning ... it triggers on x86 as
well, but I can't find any reason gcc should think there's an array
bounds error.
James
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
