gcc 4.3 compiler warning, possible off-by-one error?

Kel Modderman kel at otaku42.de
Wed Jun 4 10:34:22 EDT 2008


Hi,

Compilation with gcc 4.3 yielded the following warnings:

../src/rsn_supp/wpa_ie.c: In function 'wpa_gen_wpa_ie':
../src/rsn_supp/wpa_ie.c:195: warning: array subscript is above array bounds
../src/rsn_supp/wpa_ie.c: In function 'wpa_parse_wpa_ie':
../src/rsn_supp/wpa_ie.c:84: warning: array subscript is above array bounds

These are caused by lines of code involving RSN_SELECTOR_GET and
RSN_SELECTOR_PUT, which seem to be macro wrapper for WPA_GET_BE32 and
WPA_PUT_BE32 respectively. WPA_GET_BE32 and WPA_PUT_BE32 seem to do things
with an array of length 4.

The first argument given to these functions is an array of length 3.

The below patch makes the warning go away, but am not sure if correct.

Thanks, Kel.
---
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -188,7 +188,7 @@
 struct wpa_ie_hdr {
 	u8 elem_id;
 	u8 len;
-	u8 oui[3];
+	u8 oui[4];
 	u8 oui_type;
 	u8 version[2]; /* little endian */
 } STRUCT_PACKED;


More information about the HostAP mailing list