On 10/08/15 18:28, H Hartley Sweeten wrote:
Coverity reports a possible Out-of-bounds access (ARRAY_VS_SINGLETON) with the 'const u8 *port' parameter passed to ni6501_port_command(). This param is an actual array for the SET_PORT_DIR operation, called by ni6501_dio_insn_config(). But for the WRITE_PORT and READ_PORT operations, called by ni6501_dio_insn_bits(), it is just the address of an u8 local variable. Fix the coverity issue by changing the parameter to an unsigned int and pass the raw values from ni6501_dio_insn_config() and ni6501_dio_insn_bits(). ni6501_port_command() then handles the masking and shifting needed to load the value into the u8 transmit buffer. For consistency, change the access of the 'bitmap' parameter from an array access to a pointer operation. Reported-by: coverity (CID 1248624) Signed-off-by: H Hartley Sweeten <hsweeten@xxxxxxxxxxxxxxxxxxx> Cc: Ian Abbott <abbotti@xxxxxxxxx> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/staging/comedi/drivers/ni_usb6501.c | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-)
Thanks! Reviewed-by: Ian Abbott <abbotti@xxxxxxxxx> -- -=( Ian Abbott @ MEV Ltd. E-mail: <abbotti@xxxxxxxxx> )=- -=( Web: http://www.mev.co.uk/ )=- _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
