On Mon, 2015-11-09 at 15:24 +0300, Dan Carpenter wrote: > Smatch complains about a possible out of bounds error: > > drivers/vfio/pci/vfio_pci_config.c:1241 vfio_cap_init() > error: buffer overflow 'pci_cap_length' 20 <= 20 > > The problem is that pci_cap_length[] was defined as large enough to > hold "PCI_CAP_ID_AF + 1" elements. The code in vfio_cap_init() assumes > it has PCI_CAP_ID_MAX + 1 elements. Originally, PCI_CAP_ID_AF and > PCI_CAP_ID_MAX were the same but then we introduced PCI_CAP_ID_EA in > f80b0ba95964 ('PCI: Add Enhanced Allocation register entries') so now > the array is too small. > > Let's fix this by making the array size PCI_CAP_ID_MAX + 1. And let's > make a similar change to pci_ext_cap_length[] for consistency. Also > both these arrays can be made const. > > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > --- Applied to next for v4.4. Thanks! Alex -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html