Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 2 May 2013 08:46:14 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Core John warnings (was: new warnings with gcc 4.8.0)

On Thu, May 02, 2013 at 12:10:47AM +0200, magnum wrote:
> On 10 Apr, 2013, at 2:07 , magnum <john.magnum@...hmail.com> wrote:
> > On 10 Apr, 2013, at 1:44 , magnum <john.magnum@...hmail.com> wrote:
> >>> DES_std.c: In function ?DES_std_set_key?:
> >>> DES_std.c:631:17: warning: array subscript is above array bounds [-Warray-bounds]
> >>>  while (DES_key[i++]) k += 2;
> >>>                ^
> >> 
> >> In core John this is line 630:17. If I bump the definition by 2 (1 is not enough), the warning go away. But that is obviously not likely a real fix
> 
> Solar,
> 
> The inc.c warnings seen with gcc-4.8.0 is gone now but the above is still there. Is it a bogus warning? Can it be avoided?

I think it is bogus, and I don't see why bumping the array size up by 2
makes it go away as you say (I did not verify).  DES_key is declared to
be of 16 chars, but only first 9 should ever be accessed.

I'd rather not hurry to patch this warning in some way.  Let's see if
gcc gets fixed.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ