On Sun, Jul 02, 2023 at 12:19:11AM +0200, Uwe Kleine-König wrote: > Hello Alan, > > On Sat, Jul 01, 2023 at 02:54:46PM -0400, Alan Stern wrote: > > wIndex should never be == 0 or > max_root_hub in the cases where rh gets > > used; such values would be meaningless. But we don't control the value > > of wIndex, because it can come from userspace. So we can't simply > > assume it will always be valid; it has to be checked. > > > > That being understood, the changes Zhang is making here are meant mostly > > to prevent UBSAN and the compiler from complaining or making false > > assumptions. The actual checks on wIndex occur later in the subroutine. > > I'm guilty of not having looked at all on that function, but it sounds > wrong to me to calculate values from some untrusted input and only > later validate the input. It should be the other way round, shouldn't > it? This is calling for compiler optimisations stepping on your toes. Six of one, half a dozen of the other. In the end I don't think it makes much difference; it basically comes down to personal choice. Which is fine, provided the final choice is one of the correct ones. Alan Stern
