From 87c44482d0e859759813ad232227623cc9a5384b Mon Sep 17 00:00:00 2001 From: Simon Arlott Date: Sat, 6 Feb 2016 15:50:17 +0000 Subject: [PATCH] ircd: chmode: Avoid referencing beyond the end of the flags_list array in set_channel_mode We're setting flags to flags_list[3] at the end of the loop, but the array only has 3 elements. Unless the compiler optimises this away (because flags will not be used again) we're accessing memory beyond the end of the array. With gcc-4.9: chmode.c: In function 'set_channel_mode': chmode.c:1548:54: warning: iteration 2u invokes undefined behavior [-Waggressive-loop-optimizations] for(j = 0, flags = flags_list[0]; j < 3; j++, flags = flags_list[j]) ^ chmode.c:1548:2: note: containing loop for(j = 0, flags = flags_list[0]; j < 3; j++, flags = flags_list[j]) Explicitly set "flags = flags_list[j]" at the start of each loop iteration, which will avoid referencing off the end of the array. --- ircd/chmode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ircd/chmode.c b/ircd/chmode.c index f1c32b6d..4759d318 100644 --- a/ircd/chmode.c +++ b/ircd/chmode.c @@ -1747,8 +1747,9 @@ set_channel_mode(struct Client *client_p, struct Client *source_p, source_p->name, source_p->username, source_p->host, chptr->chname); - for(j = 0, flags = flags_list[0]; j < 3; j++, flags = flags_list[j]) + for(j = 0; j < 3; j++) { + flags = flags_list[j]; cur_len = mlen; mbuf = modebuf + mlen; pbuf = parabuf;
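Review bot: the loop bound in the new `for(j = 0; j < 3; j++)` is still a hard-coded 3 that has to match the size of flags_list by hand. The commit message says the array has 3 elements, so the out-of-bounds read is fixed as written, but the same class of bug returns if an entry is ever added or removed without updating the literal. Where flags_list is declared as a true array in this scope, consider deriving the bound from it, for example `j < sizeof(flags_list) / sizeof(flags_list[0])`, or a named constant shared with the declaration. Moving the assignment to `flags = flags_list[j];` at the top of the body is the right shape, since the index is now only used after the `j < 3` check has passed.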