[PATCH] libata: fix out-of-bounds access in pata_oldpiix.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The "pata_oldpiix" driver in linux-2.6.26 is calling its "set_dmamode" routine also locally, but under different preconditions as the corresponding call in libata-core.c. This may cause an "out-of-array bounds" access in "oldpiix_set_dmamode".


Signed-off-by: Dave Mueller <dave.mueller@xxxxxx>

diff -dpurN a/drivers/ata/pata_oldpiix.c b/drivers/ata/pata_oldpiix.c
--- a/drivers/ata/pata_oldpiix.c   2008-07-18 08:13:38.000000000 +0200
+++ b/drivers/ata/pata_oldpiix.c   2008-07-18 08:18:45.000000000 +0200
@@ -198,7 +198,7 @@ static unsigned int oldpiix_qc_issue(str

        if (adev != ap->private_data) {
                oldpiix_set_piomode(ap, adev);
-               if (adev->dma_mode)
+               if (adev->dma_mode != 0xff)
                        oldpiix_set_dmamode(ap, adev);
        }
        return ata_sff_qc_issue(qc);

--
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Filesystems]     [Linux SCSI]     [Linux RAID]     [Git]     [Kernel Newbies]     [Linux Newbie]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Samba]     [Device Mapper]

  Powered by Linux