On Tue, May 19, 2020 at 11:55:55PM -0400, David Dgien wrote: > When CONFIG_PASSWORD_DEFAULT is unset, the default_passwd buffer is set I assume you mean "If CONFIG_PASSWORD_DEFAULT is set to an empty string". > to the empty string. The read_default_passwd() function wants to read at > least two characters from that buffer, causing GCC to generate an array > bounds warning. I cannot reproduce that warning. Which gcc version do you use and on which platform? Mentioning the exact warning in the commit log helps finding the resulting commit when searching for a fix. > Make the default_passwd buffer have at least 2 bytes so > this warning is not generated. > > Since the read_default_passwd() function is only called when > default_passwd is not the empty string, this is not a functional change. I don't understand the problem for the empty password. With default_passwd = "" we have strlen(default_passwd) = 0 so the for loop doesn't run at all. As I understand the code (at commit c10b20dc83ac) for uneven lengths of default_passwd the last accessed byte is the trailing '\0' and for even length it's the byte before the trailing '\0'. This should be ok?! Am I missing something? Best regards Uwe -- Pengutronix e.K. | Uwe Kleine-König | Industrial Linux Solutions | https://www.pengutronix.de/ | _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
