Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Apr 2013 02:07:25 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Core John warnings (was: new warnings with gcc 4.8.0)

On 10 Apr, 2013, at 1:44 , magnum <john.magnum@...hmail.com> wrote:
>> DES_std.c: In function ‘DES_std_set_key’:
>> DES_std.c:631:17: warning: array subscript is above array bounds [-Warray-bounds]
>>   while (DES_key[i++]) k += 2;
>>                 ^
> 
> In core John this is line 630:17. If I bump the definition by 2 (1 is not enough), the warning go away. But that is obviously not likely a real fix

>> inc.c: In function ‘do_incremental_crack’:
>> inc.c:352:12: warning: array subscript is above array bounds [-Warray-bounds]
>>    [numbers[pos]];
>>            ^
>> inc.c:352:12: warning: array subscript is above array bounds [-Warray-bounds]
>> inc.c:405:16: warning: array subscript is above array bounds [-Warray-bounds]
>>   if (++numbers[pos] <= count) goto update_all;
>>                ^
>> inc.c:405:16: warning: array subscript is above array bounds [-Warray-bounds]
>> inc.c:405:16: warning: array subscript is above array bounds [-Warray-bounds]
>> inc.c:405:16: warning: array subscript is above array bounds [-Warray-bounds]
>> inc.c:406:10: warning: array subscript is above array bounds [-Warray-bounds]
>>   numbers[pos] = 0;
> 
> In core John these are at lines 301, 353 and 354. Again, if I bump the declaration by no less than 10(!), the warnings go away

After some more testing as well as googling gcc bugs, I lean to believing both cases are false positives.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ