[U-Boot] fat.c:707: warning: array subscript is above array bounds

Hello,
building U-Boot with recent toolchains (like GCC-4.3.2) results in this warning:
fat.c: In function 'read_bootsectandvi': fat.c:707: warning: array subscript is above array bounds
The respective code looks like this:
fs/fat/fat.c:
    705 	/* Terminate fs_type string. Writing past the end of vistart
    706 	   is ok - it's just the buffer. */
    707 	vistart->fs_type[8] = '\0';
fs_type[] is declared in "include/fat.h":
    typedef struct volume_info
    {
        __u8 drive_number;      /* BIOS drive number */
        __u8 reserved;          /* Unused */
        __u8 ext_boot_sign;     /* 0x29 if fields below exist (DOS 3.3+) */
        __u8 volume_id[4];      /* Volume ID number */
        char volume_label[11];  /* Volume label */
        char fs_type[8];        /* Typically FAT12, FAT16, or FAT32 */
        /* Boot code comes next, all but 2 bytes to fill up sector */
        /* Boot sign comes last, 2 bytes */
    } volume_info;
So the comment in fs/fat/fat.c is actually correct, writing beyond the end of the string is indeed uncritical here, but it is definitely not really nice either.
I want to get rid of this warning message.
Any ideas how to deal with this?
Best regards,
Wolfgang Denk

On 23:13 Sat 13 Dec, Wolfgang Denk wrote:
> Hello,
> building U-Boot with recent toolchains (like GCC-4.3.2) results in this warning:
> fat.c: In function 'read_bootsectandvi': fat.c:707: warning: array subscript is above array bounds
> The respective code looks like this:
> fs/fat/fat.c:
>     705 	/* Terminate fs_type string. Writing past the end of vistart
>     706 	   is ok - it's just the buffer. */
>     707 	vistart->fs_type[8] = '\0';
why not do something like this
    *(vistart + sizeof(volume_info)) = '\0';
Best Regards, J.

Dear Jean-Christophe PLAGNIOL-VILLARD,
In message 20081213222225.GN15295@game.jcrosoft.org you wrote:
>     705 	/* Terminate fs_type string. Writing past the end of vistart
>     706 	   is ok - it's just the buffer. */
>     707 	vistart->fs_type[8] = '\0';
> why not do something like this
>     *(vistart + sizeof(volume_info)) = '\0';
Because that would be terribly wrong - sizeof(volume_info) is > 23 (probably 24), and vistart is a pointer to volume_info, so you would probably write some 500+ bytes beyond the end of the buffer.
Best regards,
Wolfgang Denk

Wolfgang Denk wrote:
> Dear Jean-Christophe PLAGNIOL-VILLARD,
> In message 20081213222225.GN15295@game.jcrosoft.org you wrote:
> >     705 	/* Terminate fs_type string. Writing past the end of vistart
> >     706 	   is ok - it's just the buffer. */
> >     707 	vistart->fs_type[8] = '\0';
> > why not do something like this
> >     *(vistart + sizeof(volume_info)) = '\0';
> Because that would be terribly wrong - sizeof(volume_info) is > 23 (probably 24), and vistart is a pointer to volume_info, so you would probably write some 500+ bytes beyond the end of the buffer.
How about something in the same vein then
    char *c = vistart->fs_type;
    c[8] = '\0';
Cheers, Dave

Dear David Hawkins,
In message 49443C7F.3020003@ovro.caltech.edu you wrote:
> In message 20081213222225.GN15295@game.jcrosoft.org you wrote:
> > >     705 	/* Terminate fs_type string. Writing past the end of vistart
> > >     706 	   is ok - it's just the buffer. */
> > >     707 	vistart->fs_type[8] = '\0';
...
> How about something in the same vein then
>     char *c = vistart->fs_type;
>     c[8] = '\0';
Thanks - this is what I actually did.
Best regards,
Wolfgang Denk
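The thread settles on hiding the one-past-the-end store behind a char pointer so the compiler stops tracking the array bound. As an added example (not from this thread or from U-Boot), the C program below mirrors the volume_info layout quoted from include/fat.h, assumes the block sits at byte 36 of a FAT12/FAT16 boot sector (that offset, the 512-byte sector size and the sample sector contents are assumptions for the example), and shows two things a practitioner would want to check: where each proposed store actually lands as a byte offset in the sector, and an alternative that copies fs_type into a caller-owned 9-byte buffer so the sector is never written at all.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mirror of the volume_info layout quoted from include/fat.h above.
 * Every member has alignment 1, so there is no padding: sizeof == 26. */
typedef struct volume_info {
    uint8_t drive_number;
    uint8_t reserved;
    uint8_t ext_boot_sign;    /* 0x29 if the fields below exist */
    uint8_t volume_id[4];
    char    volume_label[11];
    char    fs_type[8];       /* "FAT12   ", "FAT16   ", ...; NOT NUL-terminated */
} volume_info;

#define SECTOR_SIZE 512
/* Assumption for this example: volume_info starts at byte 36 of a
 * FAT12/FAT16 boot sector (FAT32 puts it at 64). Not U-Boot code. */
#define VI_OFFSET 36

/* Sector byte touched by  vistart->fs_type[8] = '\0';
 * one past the member, but still inside the 512-byte sector. */
size_t offset_of_member_write(void)
{
    return VI_OFFSET + offsetof(volume_info, fs_type) + 8;   /* 36 + 18 + 8 = 62 */
}

/* Sector byte touched by  *(vistart + sizeof(volume_info)) = '\0';
 * pointer arithmetic on a volume_info * scales by sizeof(volume_info),
 * so the store lands 26 * 26 = 676 bytes after vistart, past the sector. */
size_t offset_of_pointer_arith_write(void)
{
    return VI_OFFSET + sizeof(volume_info) * sizeof(volume_info);  /* 36 + 676 = 712 */
}

/* Copy fs_type into a caller-owned 9-byte buffer and terminate it there.
 * The sector is never modified, so there is no out-of-bounds store and
 * nothing for -Warray-bounds to flag. Returns 0 on success, -1 if the
 * buffer is too short or the extended boot record is not present. */
int fat_read_fs_type(const uint8_t *sector, size_t sector_len, char out[9])
{
    volume_info vi;

    if (sector_len < VI_OFFSET + sizeof vi)
        return -1;
    memcpy(&vi, sector + VI_OFFSET, sizeof vi);   /* no aliasing/alignment casts */
    if (vi.ext_boot_sign != 0x29)
        return -1;
    memcpy(out, vi.fs_type, sizeof vi.fs_type);
    out[8] = '\0';
    return 0;
}

/* Constructed sample: a zeroed sector carrying a FAT16 extended boot record.
 * The values are made up for this example, not read from a real disk. */
void build_sample_sector(uint8_t sector[SECTOR_SIZE])
{
    memset(sector, 0, SECTOR_SIZE);
    sector[VI_OFFSET + 0] = 0x80;                        /* drive_number  */
    sector[VI_OFFSET + 2] = 0x29;                        /* ext_boot_sign */
    memcpy(sector + VI_OFFSET + 7, "EXAMPLEVOL ", 11);   /* volume_label  */
    memcpy(sector + VI_OFFSET + 18, "FAT16   ", 8);      /* fs_type       */
    sector[510] = 0x55;                                  /* boot signature */
    sector[511] = 0xAA;
}

/* 1 if the sample sector's fs_type reads back as `expected`, else 0. */
int sample_fs_type_matches(const char *expected)
{
    uint8_t sector[SECTOR_SIZE];
    char fs_type[9];

    build_sample_sector(sector);
    if (fat_read_fs_type(sector, sizeof sector, fs_type) != 0)
        return 0;
    return strcmp(fs_type, expected) == 0;
}

/* 1 if a buffer shorter than the volume_info block is rejected, else 0. */
int short_buffer_rejected(void)
{
    uint8_t sector[SECTOR_SIZE];
    char fs_type[9];

    build_sample_sector(sector);
    return fat_read_fs_type(sector, VI_OFFSET + 10, fs_type) == -1;
}

int main(void)
{
    uint8_t sector[SECTOR_SIZE];
    char fs_type[9];

    build_sample_sector(sector);
    if (fat_read_fs_type(sector, sizeof sector, fs_type) == 0)
        printf("fs_type = \"%s\"\n", fs_type);
    printf("fs_type[8] store hits sector byte %zu (sector is %d bytes)\n",
           offset_of_member_write(), SECTOR_SIZE);
    printf("vistart + sizeof(volume_info) store hits sector byte %zu\n",
           offset_of_pointer_arith_write());
    return 0;
}
```

Build with `gcc -Wall -Wextra -O2`; unlike the in-place termination, this version compiles clean because the only store is into the caller's `out[9]`. The returned string keeps the on-disk space padding ("FAT16   "), which is what a caller that compares against "FAT32   " expects; trim it yourself if you want a display string.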