<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jul 15, 2016 at 10:56 AM, Björn Brandenburg <span dir="ltr"><<a href="mailto:bbb@mpi-sws.org" target="_blank">bbb@mpi-sws.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span><br>
> On 15 Jul 2016, at 01:49, Roohollah <<a href="mailto:roohollahamiri@u.boisestate.edu" target="_blank">roohollahamiri@u.boisestate.edu</a>> wrote:<br>
><br>
> I am trying to compile liblitmus, the latest version. But I am getting the following error:<br>
><br>
> src/migration.c:83:27: error: array subscript is below array bounds [-Werror=array-bounds]<br>
><br>
> I am using Fedora 24, gcc-6.1.1 . Is there any one know how to solve that problem?<br>
<br>
<br>
</span>Looks like there’s an out-of-bounds access in Glenn’s domain parsing code.<br>
<br>
<a href="https://github.com/LITMUS-RT/liblitmus/blob/master/src/migration.c#L83" rel="noreferrer" target="_blank">https://github.com/LITMUS-RT/liblitmus/blob/master/src/migration.c#L83</a><br>
<br>
However, Mahir recently patched that loop and changed one of the indices. Perhaps the patch was incomplete?<br>
<br>
<a href="https://github.com/LITMUS-RT/liblitmus/commit/322eaadaa95b4f64f4102a9bc6aaa2237401ae41" rel="noreferrer" target="_blank">https://github.com/LITMUS-RT/liblitmus/commit/322eaadaa95b4f64f4102a9bc6aaa2237401ae41</a><br>
<br>
Mahir, can you please look into this?<br></blockquote><div><br></div><div>The change is incorrect. It should be 8 because the last chunk doesn't have a trailing comma. Consider the following example:</div><div><br></div><div>buf="xxx,xxxxxxxx,xxxxxxxx"</div><div>We want to parse it backwards starting with the last 8 characters.</div><div>At line 67, "chunk_str = buf + len - 8" gives the correct behavior (chunk_str = "xxxxxxxx").</div><div><div><span style="white-space:pre-wrap">"</span>chunk_str = buf + len - 9" ends up giving (chunk_str = ",xxxxxxxx").</div></div><div><br></div><div>On the other hand, the exit condition in the do-while loop is relying on out-of-bounds pointer arithmetic which is undefined in the C standard. I'm guessing the warning is something that was recently introduced in GCC.</div><div><br></div><div>The loop can just be rewritten as follows to avoid the use of undefined behaviour (I leave the correct patching to Mahir). Hopefully this removes the issue:</div><div><br></div><div><div> /* process LSB chunks first (at the end of the str) and move backward */</div><div> chunk_str = buf + len;</div><div> i = 0;</div><div> do</div><div> {</div><div> unsigned long chunk;</div><div> chunk_str -= 9;</div><div> if(chunk_str < buf)</div><div> chunk_str = buf; /* when MSB mask is less than 8 chars */</div><div> chunk = strtoul(chunk_str, NULL, 16);</div><div> while (chunk) {</div><div> int j = ffsl(chunk) - 1;</div><div> int x = i*32 + j;</div><div> CPU_SET_S(x, *sz, *set);</div><div> chunk &= ~(1ul << j);</div><div> }</div><div> i += 1;</div><div> } while(chunk_str > buf);</div></div></div><div><br></div><div>(Please do review this carefully though.) Thanks!</div></div></div>