bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bash-4.3 bug report


From: Eric Blake
Subject: Re: bash-4.3 bug report
Date: Mon, 14 Apr 2014 09:19:46 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

On 04/14/2014 08:50 AM, Chet Ramey wrote:
> On 4/14/14, 5:34 AM, David Binderman wrote:
>> Hello there,
>>
>>  [bind.c:2238]: (style) Array index 'j' is used before limits check.
>>
>> Source code is
>>
>>           for (j = 0; invokers[j] && j < 5; j++)
>>
>> Suggest new code
>>
>>           for (j = 0; (j < 5) && (invokers[j] != NULL); j++)
> 
> Can you give me a use case for which this makes a difference?

It silences static code checkers and avoids undefined C behavior.

Also, if invokers[] is allocated such that it ends on the end of a page
boundary (such as might be the case under certain malloc debuggers),
then doing the bounds check first will avoid an out-of-bounds access
causing a SEGFAULT.

But in the normal case, when invokers[] is NOT at the end of the page,
the out-of-bounds access will read unspecified memory, but the result of
that read will either be 0 (short-circuiting the bounds check) or
non-zero where the bounds check fails, so even if you leave the
undefined behavior in place, in practice you will usually get the same
result as the defined behavior achieved by swapping things to do the
bounds check first.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]