Re: [PATCH] password: Fix warning with empty default password - Uwe Kleine-König

From: "Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>
To: David Dgien <dgienda125@gmail.com>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH] password: Fix warning with empty default password
Date: Wed, 20 May 2020 08:26:32 +0200	[thread overview]
Message-ID: <20200520062632.hfbmedgtofv6y665@pengutronix.de> (raw)
In-Reply-To: <20200520035555.84422-1-dgienda125@gmail.com>

On Tue, May 19, 2020 at 11:55:55PM -0400, David Dgien wrote:
> When CONFIG_PASSWORD_DEFAULT is unset, the default_passwd buffer is set

I assume you mean "If CONFIG_PASSWORD_DEFAULT is set to an empty
string".

> to the empty string. The read_default_passwd() function wants to read at
> least two characters from that buffer, causing GCC to generate an array
> bounds warning.

I cannot reproduce that warning. Which gcc version do you use and on
which platform? Mentioning the exact warning in the commit log helps
finding the resulting commit when searching for a fix.

> Make the default_passwd buffer have at least 2 bytes so
> this warning is not generated.
> 
> Since the read_default_passwd() function is only called when
> default_passwd is not the empty string, this is not a functional change.

I don't understand the problem for the empty password. With
default_passwd = "" we have strlen(default_passwd) = 0 so the for loop
doesn't run at all.

As I understand the code (at commit c10b20dc83ac) for uneven lengths of
default_passwd the last accessed byte is the trailing '\0' and for even
length it's the byte before the trailing '\0'. This should be ok?!

Am I missing something?

Best regards
Uwe

-- 
Pengutronix e.K.                           | Uwe Kleine-König            |
Industrial Linux Solutions                 | https://www.pengutronix.de/ |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox