Constant is used to allocate memory for a buffer, then buffer is filled up to 'size' which is passed as a parameter. If 'size' is bigger than the constant then the buffer will overflow. Function has internal linkage so this can only happen due to programmer error. BUG_ON() is designed for catching these cases. Currently there is only one call site and it is correct; adding BUG_ON() will potentially save developer time if later changes to the code are incorrect.

Use BUG_ON() to guard buffer write size in function with internal linkage.

Signed-off-by: Tobin C. Harding <me@xxxxxxxx>

--- drivers/staging/ks7010/ks7010_sdio.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/staging/ks7010/ks7010_sdio.c b/drivers/staging/ks7010/ks7010_sdio.c index 3403edd..06f25a7 100644 --- a/drivers/staging/ks7010/ks7010_sdio.c +++ b/drivers/staging/ks7010/ks7010_sdio.c @@ -683,6 +683,8 @@ static int ks7010_sdio_data_compare(struct ks_wlan_private *priv, u32 address, int ret; unsigned char *read_buf; + BUG_ON(size > ROM_BUFF_SIZE); + read_buf = kmalloc(ROM_BUFF_SIZE, GFP_KERNEL); if (!read_buf) return -ENOMEM; -- 2.7.4
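
Review bot: The `BUG_ON(size > ROM_BUFF_SIZE);` added at the top of ks7010_sdio_data_compare() halts the kernel for a condition this function can recover from. The function returns int and already has an error path (`return -ENOMEM;`) a few lines below, and the check sits before the kmalloc() call, so nothing is allocated yet and an early return needs no cleanup. Suggest `if (WARN_ON(size > ROM_BUFF_SIZE)) return -EINVAL;` in the same place: a bad size from a future call site still produces a loud stack trace for the developer, but the call fails cleanly and the overflow is prevented without taking the machine down.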