Neale Ferguson wrote:
> Similarly, in $SRC/cmd/avs/dsw/iiadm.c there are several instances of
> statements like:
>
> io->shadow_vol[DSW_NAMELEN] = '\0';
>
> shadow_vol is defined as being DSW_NAMELEN elements long so this statement is
> overwriting the byte immediately after this array (for ex
Still another - $SRC/cmd/fmli/sys/expr.c:

static char expbuf[ESIZE];
void errxx();
int num;
extern char *braslist[], *braelist[], *loc2;
compile(p, expbuf, &expbuf[512], 0, errxx);

ESIZE is defined as 256 earlier in the file yet it references the 512th ele

Similarly, in $SRC/cmd/avs/dsw/iiadm.c there are several instances of
statements like:

io->shadow_vol[DSW_NAMELEN] = '\0';

shadow_vol is defined as being DSW_NAMELEN elements long so this statement is
overwriting the byte immediately after this array (for example
bitmap_vol[DSW_NAMELEN] follo
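
The off-by-one described in the message above, as an added example that is not part of the original post or of the source tree it discusses: it shows where index DSW_NAMELEN lands when a second name array follows the first, and a bounded copy that terminates at the last valid index. The struct `vol_cfg`, the value 64 for DSW_NAMELEN and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DSW_NAMELEN 64   /* assumed value; the post does not state it */

/* Hypothetical stand-in for the layout the post describes: two
 * DSW_NAMELEN-byte name arrays declared back to back. */
struct vol_cfg {
    char shadow_vol[DSW_NAMELEN];
    char bitmap_vol[DSW_NAMELEN];
};

/* Returns 1 if shadow_vol[idx] would address a byte of bitmap_vol.
 * Uses offsetof only, so no out-of-bounds access is performed. */
static int index_hits_bitmap(size_t idx)
{
    size_t off = offsetof(struct vol_cfg, shadow_vol) + idx;
    size_t start = offsetof(struct vol_cfg, bitmap_vol);
    return off >= start && off < start + DSW_NAMELEN;
}

/* Bounded copy into a DSW_NAMELEN-byte name field. The terminator goes at
 * index DSW_NAMELEN - 1 at most. Returns 1 if src was truncated, else 0. */
static int set_vol_name(char *dst, const char *src)
{
    size_t n = strlen(src);
    int truncated = (n >= DSW_NAMELEN);

    if (truncated)
        n = DSW_NAMELEN - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

int main(void)
{
    struct vol_cfg cfg;

    memset(&cfg, 0, sizeof cfg);
    strcpy(cfg.bitmap_vol, "bmp0");   /* constructed sample name */
    printf("shadow_vol[DSW_NAMELEN] inside bitmap_vol: %d\n",
        index_hits_bitmap(DSW_NAMELEN));
    printf("truncated: %d, bitmap_vol still \"%s\"\n",
        set_vol_name(cfg.shadow_vol, "/dev/constructed/shadow"), cfg.bitmap_vol);
    return 0;
}
```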

I'm using gcc 4.5 to build my Systemz code and am getting statement 10 flagged
as possibly out of bounds. The code is in
$SRC/cmd/abi/appcert/static_prof/static_prof.c around line 127:

01 bktno = (bktno + 1) % DEFBKTS;
02 for (i = bktno; i < DEFBKTS; i = (i + 1) % DEFBKTS) {
03 if (i == orig_