From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752514AbdC0Lis (ORCPT <rfc822;w@1wt.eu>);
        Mon, 27 Mar 2017 07:38:48 -0400
Received: from s3.sipsolutions.net ([5.9.151.49]:46588 "EHLO sipsolutions.net"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751652AbdC0Lin (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 27 Mar 2017 07:38:43 -0400
Message-ID: <1490614716.3393.6.camel@sipsolutions.net>
Subject: Re: [PATCH] cfg80211: Fix array-bounds warning in fragment copy
From: Johannes Berg <johannes@sipsolutions.net>
To: Felix Fietkau <nbd@nbd.name>, Matthias Kaehlcke <mka@chromium.org>,
        "David S . Miller" <davem@davemloft.net>,
        Felix Fietkau <nbd@openwrt.org>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
        Grant Grundler <grundler@chromium.org>
Date: Mon, 27 Mar 2017 13:38:36 +0200
In-Reply-To: <5f290298-a28c-de0c-3fef-642d32b0982d@nbd.name>
References: <20170325010644.190368-1-mka@chromium.org>
         <1490611679.3393.0.camel@sipsolutions.net>
         <5f290298-a28c-de0c-3fef-642d32b0982d@nbd.name>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.22.4-1 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


> > > -	const skb_frag_t *frag = &sh->frags[-1];
> > > +	const skb_frag_t *frag = &sh->frags[0];
[...]
> > > +	frag--;
> > 
> > Isn't it just a question of time until the compiler will see
> > through this trick and warn about it?
> 
> Frag is incremented again before being accessed, so there is nothing
> for the compiler to see through here.

But by that argument the existing code was already fine. The compiler
flagged it nonetheless, perhaps because it couldn't prove it was
incremented unconditionally/in all branches?

johannes