The "pata_oldpiix" driver in linux-2.6.26 is calling its "set_dmamode"
routine also locally, but under different preconditions as the
corresponding call in libata-core.c. This may cause an "out-of-array
bounds" access in "oldpiix_set_dmamode".
Signed-off-by: Dave Mueller <dave.mueller@xxxxxx>
diff -dpurN a/drivers/ata/pata_oldpiix.c b/drivers/ata/pata_oldpiix.c
--- a/drivers/ata/pata_oldpiix.c 2008-07-18 08:13:38.000000000 +0200
+++ b/drivers/ata/pata_oldpiix.c 2008-07-18 08:18:45.000000000 +0200
@@ -198,7 +198,7 @@ static unsigned int oldpiix_qc_issue(str
if (adev != ap->private_data) {
oldpiix_set_piomode(ap, adev);
- if (adev->dma_mode)
+ if (adev->dma_mode != 0xff)
oldpiix_set_dmamode(ap, adev);
}
return ata_sff_qc_issue(qc);
--
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
