On 08/26/2011 02:52 PM, Dan Carpenter wrote:
Smatch complains about a lot of things in this new driver, but I
thought you'd want to fix this:
drivers/staging/rtl8192e/r8192E_cmdpkt.c +412 cmpk_message_handle_rx(70)
error: buffer overflow 'priv->stats.rxcmdpkt' 4<= 7
407 RT_TRACE(COMP_CMDPKT, "---->cmpk_message_handle_rx():"
408 "unknow CMD Element\n");
409 return 1;
410 }
411
412 priv->stats.rxcmdpkt[element_id]++;
^^^^^^^^^^
->stats.rxcmdpkt[] only has 4 elements, but from the switch statement
in the section before we can see that element_id can go up to 7
(RX_TX_RATE_HISTORY).
Dan,
Thanks for the heads-up. I was unaware of smatch, but I am now building it here.
Would it be OK with you if the commit message below was used?
Larry
=============================================
staging: rtl9102e: Fix array overrun
Smatch outputs the following message:
drivers/staging/rtl8192e/r8192E_cmdpkt.c +412 cmpk_message_handle_rx(70)
error: buffer overflow 'priv->stats.rxcmdpkt' 4 <= 7
407 RT_TRACE(COMP_CMDPKT,
"---->cmpk_message_handle_rx():"
408 "unknow CMD Element\n");
409 return 1;
410 }
411
412 priv->stats.rxcmdpkt[element_id]++;
^^^^^^^^^^
->stats.rxcmdpkt[] only has 4 elements, but from the switch statement
in the section before we can see that element_id can go up to 7
(RX_TX_RATE_HISTORY).
From: Dan Carpenter <error27@xxxxxxxxx>
Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
