[FFmpeg-devel] Array bug in aes.c

Serge van den Boom svdb
Fri Jan 18 06:12:16 CET 2008


On Jan 17, 2008, at 9:21 PM, Michael Niedermayer wrote:
> On Thu, Jan 17, 2008 at 02:16:19PM -0800, Mike Melanson wrote:
>> This comes from my blog's comments:
>>  http://multimedia.cx/eggs/up-to-date-gcc/#comment-92872
>>
>> ================
>> Well, at least one of those warnings is an actual bug:
>> /tmp/fate/source/libavutil/aes.c:133: warning: array subscript is above
>> array bounds
>>
>> In aes.c:133:
>> if(!enc_multbl[0][sizeof(enc_multbl)/sizeof(enc_multbl[0][0])-1]){
>>
>
>> I take it this was meant:
>> if(!enc_multbl[0][sizeof(enc_multbl[0])/sizeof(enc_multbl[0][0])-1]){
>
> no, this would then be an actual bug
>
> how does one disable these warnings?

I would start by not crossing any array bounds...

I understand now that you actually did intend to go beyond the bounds of
enc_multbl[0], but regardless of the fact that you know what comes after
that array, it is still bad practice to index it beyond its size.
And in fact, the C standard leaves the result of adding an integer value
to a pointer to an element of an array (which is (part of) how indexing
an array is defined) to go more than 1 element beyond the last element
as explicitly undefined. From ISO/IEC 9899:TC2, 6.5.6.8:
] If the pointer operand points to an element of an array object, and
] the array is large enough, the result points to an element offset from
] the original element such that the difference of the subscripts of the
] resulting and original array elements equals the integer expression. In
] other words, if the expression P points to the i-th element of an array
] object, the expressions (P)+N (equivalently, N+(P)) and (P)-N (where N
] has the value n) point to, respectively, the i+n-th and i-n-th elements
] of the array object, provided they exist. Moreover, if the expression P
] points to the last element of an array object, the expression (P)+1
] points one past the last element of the array object, and if the
] expression Q points one past the last element of an array object, the
] expression (Q)-1 points to the last element of the array object. If both
] the pointer operand and the result point to elements of the same array
] object, or one past the last element of the array object, the evaluation
] shall not produce an overflow; otherwise, the behavior is undefined. If
] the result points one past the last element of the array object, it
] shall not be used as the operand of a unary * operator that is
] evaluated.

So I would say that gcc is quite right to give a warning.

I guess you could cast enc_multbl first:
     ((uint32_t *) enc_multbl)[sizeof(enc_multbl)/sizeof(enc_multbl[0][0]) - 1]
or
     *((uint32_t *) (&enc_multbl + 1) - 1)

But if you mean "last element of the last element of enc_multbl", why not
write that?
     enc_multbl[sizeof(enc_multbl) / sizeof(enc_multbl[0]) - 1][
             sizeof(enc_multbl[0]) / sizeof(enc_multbl[0][0]) - 1]

Regards,

Serge
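To make the point concrete, here is an added example (not code from the mail or from FFmpeg) that puts the three in-bounds spellings of "last element of the table" side by side and uses one of them for the kind of initialisation check aes.c performs. The table name is borrowed from the thread, but its [4][256] shape and its contents are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Constructed stand-in for enc_multbl; the [4][256] shape is an assumption
 * for this example, not taken from the mail or from aes.c. */
static uint32_t enc_multbl[4][256];

#define NROWS (sizeof(enc_multbl) / sizeof(enc_multbl[0]))
#define NCOLS (sizeof(enc_multbl[0]) / sizeof(enc_multbl[0][0]))

/* The expression gcc warned about, kept only as a comment: it indexes row 0
 * with the element count of the whole table (NROWS*NCOLS - 1), which is far
 * past the end of the NCOLS-wide row, so the addition is undefined (6.5.6.8):
 *   enc_multbl[0][sizeof(enc_multbl)/sizeof(enc_multbl[0][0]) - 1]
 */

/* "Last row, last column": every subscript stays inside the array it
 * indexes, so no pointer arithmetic leaves its own array object. */
static uint32_t *last_elem_2d(void)
{
    return &enc_multbl[NROWS - 1][NCOLS - 1];
}

/* Flat view, as suggested in the mail: the cast makes the whole table one
 * array of uint32_t, so index total-1 is in bounds of that array. */
static uint32_t *last_elem_flat(void)
{
    return &((uint32_t *) enc_multbl)[sizeof(enc_multbl) / sizeof(enc_multbl[0][0]) - 1];
}

/* One past the end of the whole table, then one element back. */
static uint32_t *last_elem_onepast(void)
{
    return (uint32_t *) (&enc_multbl + 1) - 1;
}

/* The check aes.c performs: "has the table been filled yet?", using the last
 * element as the sentinel (static storage starts zeroed). */
static bool table_initialised(void)
{
    return *last_elem_2d() != 0;
}

/* Constructed filler so the sentinel becomes non-zero. */
static void fill_table(void)
{
    for (size_t r = 0; r < NROWS; r++)
        for (size_t c = 0; c < NCOLS; c++)
            enc_multbl[r][c] = (uint32_t) (r * NCOLS + c + 1);
}
```

Compiling with `-Wall -O2` produces no bounds warning for any of the three forms, which is the check to run after replacing the original expression.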




