[PATCH] Updates for stricter automatic memcpy bounds checking

Nick Kralevich nnk at google.com
Sun Apr 12 16:26:30 EDT 2015


On Sun, Apr 12, 2015 at 12:53 AM, Arik Nemtsov <arik at wizery.com> wrote:
> >                 struct {
> > +                       u8 unused;
> >                         /* only variable items: SSID, Supported rates */
> > -                       u8 variable[0];
> > +                       u8 variable[];
> >                 } STRUCT_PACKED probe_req;
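
Review bot: the new `u8 unused;` placed ahead of `variable[]` in the packed `probe_req` struct moves `variable` one byte forward, so any reader that takes the SSID and Supported rates items from `variable` starts one byte late. The struct's own comment says it holds only variable items, so there is no fixed field for a pad byte to stand in for; keep `u8 variable[0];` in this struct rather than adding a member to satisfy the flexible-array rule.
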
>
> Isn't this introducing a bug? This piece of code will now point to the
> wrong location I believe:
>
> ie = mgmt->u.probe_req.variable;

Yes, I believe this is a bug. I updated the patch to avoid changing
this structure, since I couldn't figure out a clean way to fix it
properly. gcc doesn't support the use of a flexible array element as
the only element of a structure
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53548).
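
The offset shift discussed in this thread, as an added example that is not part of the original messages or the hostap source: the same bytes are overlaid with the struct as it was and as the quoted hunk would make it, and the SSID is read through `variable` in each. The struct names, `read_ssid`, the `ssid_via_*` helpers and the sample bytes are hypothetical and constructed for illustration; GCC or Clang is assumed for the packed attribute and the zero-length array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
typedef uint8_t u8;
#define STRUCT_PACKED __attribute__((packed))

/* Before the patch: variable sits at offset 0 of the frame body. */
struct probe_req_orig { u8 variable[0]; } STRUCT_PACKED;
/* As in the quoted hunk: a pad byte moves variable to offset 1. */
struct probe_req_patched { u8 unused; u8 variable[]; } STRUCT_PACKED;

/* Constructed probe request body: SSID element (id 0, len 4, "test"),
 * then a Supported rates element (id 1, len 2). */
static const u8 sample_body[] = {
	0x00, 0x04, 't', 'e', 's', 't', 0x01, 0x02, 0x82, 0x84,
};

/* Copy the SSID from the element at ie into out; return its length,
 * or -1 if ie does not start a well-formed SSID element. */
static int read_ssid(const u8 *ie, size_t len, char *out, size_t out_len)
{
	if (len < 2 || ie[0] != 0 /* SSID element id */)
		return -1;
	if (ie[1] > len - 2 || ie[1] >= out_len)
		return -1;
	memcpy(out, ie + 2, ie[1]);
	out[ie[1]] = '\0';
	return ie[1];
}

/* Overlay each layout on the same bytes, as mgmt->u.probe_req does. */
int ssid_via_orig(char *out, size_t out_len)
{
	const struct probe_req_orig *p = (const void *)sample_body;
	return read_ssid(p->variable, sizeof(sample_body), out, out_len);
}

int ssid_via_patched(char *out, size_t out_len)
{
	const struct probe_req_patched *p = (const void *)sample_body;
	/* one byte of the body is consumed by the pad member */
	return read_ssid(p->variable, sizeof(sample_body) - 1, out, out_len);
}

int main(void)
{
	char a[33], b[33];
	printf("orig=%d patched=%d\n", ssid_via_orig(a, sizeof(a)), ssid_via_patched(b, sizeof(b)));
	return 0;
}
```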

