[smatch stuff] iio: writing past the end of the array in adis16201_read_ring_data()

Smatch complains that there is a write past the end of the array in
adis16201_read_ring_data().  I don't know the code well enough to
fix it myself.

drivers/staging/iio/accel/adis16201_ring.c +42
	adis16201_read_ring_data(19) error: buffer overflow 'st->tx' 14 <= 14
drivers/staging/iio/accel/adis16201_ring.c +44
	adis16201_read_ring_data(21) error: buffer overflow 'st->tx' 14 <= 15

    36          for (i = 0; i <= ADIS16201_OUTPUTS; i++) {
                                 ^^^^^^^^^^^^^^^^^
	ADIS16201_OUTPUTS is 7.

    37                  xfers[i].bits_per_word = 8;
    38                  xfers[i].cs_change = 1;
    39                  xfers[i].len = 2;
    40                  xfers[i].delay_usecs = 20;
    41                  xfers[i].tx_buf = st->tx + 2 * i;
    42                  st->tx[2 * i] = ADIS16201_READ_REG(ADIS16201_SUPPLY_OUT +
                        ^^^^^^^^^^^^^
	tx has 14 elements.  7 * 2 is one past the end of the array.

    43                                                     2 * i);
    44                  st->tx[2 * i + 1] = 0;
                        ^^^^^^^^^^^^^^^^^
	We're two spaces past the end of the array here.

    45                  if (i >= 1)
    46                          xfers[i].rx_buf = rx + 2 * (i - 1);
    47                  spi_message_add_tail(&xfers[i], &msg);
    48          }

regards,
dan carpenter
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
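
The index arithmetic from the report, as a stand-alone C model (an added example, not code from the driver or from the original message): it replays the loop's indices against a 14-element buffer and shows a length check that rejects the request before the first write. `count_oob`, `build_tx` and `BASE_REG` are hypothetical names and values; the page does not say whether the loop bound or the array size is the side to change.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OUTPUTS  7     /* ADIS16201_OUTPUTS, per the report */
#define TX_LEN   14    /* elements in st->tx, per the report */
#define BASE_REG 0x02  /* constructed placeholder, not taken from the driver */

/* Replay the reported loop's indices (i = 0..OUTPUTS inclusive) without
 * touching memory. Returns the number of indices >= tx_len. */
size_t count_oob(size_t tx_len, size_t *highest)
{
    size_t oob = 0;
    *highest = 0;
    for (size_t i = 0; i <= OUTPUTS; i++) {
        for (size_t idx = 2 * i; idx <= 2 * i + 1; idx++) {
            if (idx >= tx_len)
                oob++;
            if (idx > *highest)
                *highest = idx;
        }
    }
    return oob;
}

/* Hypothetical bounded fill: n_xfers two-byte commands need 2 * n_xfers
 * bytes, so refuse before the first write if tx is too small. */
int build_tx(uint8_t *tx, size_t tx_len, size_t n_xfers)
{
    if (n_xfers > tx_len / 2)
        return -1;
    for (size_t i = 0; i < n_xfers; i++) {
        tx[2 * i] = (uint8_t)(BASE_REG + 2 * i);
        tx[2 * i + 1] = 0;
    }
    return 0;
}

int main(void)
{
    size_t hi;
    uint8_t tx[TX_LEN];
    size_t oob = count_oob(TX_LEN, &hi);
    printf("out-of-bounds writes: %zu, highest index: %zu\n", oob, hi);
    printf("8 transfers into 14 bytes: %d\n", build_tx(tx, sizeof(tx), OUTPUTS + 1));
    printf("7 transfers into 14 bytes: %d\n", build_tx(tx, sizeof(tx), OUTPUTS));
    return 0;
}
```

The two out-of-bounds indices it reports, 14 and 15, are the ones Smatch flags at lines 42 and 44.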