Re: [PATCH] libata: Read buffer overflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2009-08-03 at 13:30 +0200, Roel Kluin wrote:
> Check whether index is within bounds before grabbing the element.

This isn't a correct description or analysis.

> Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
> ---
> diff --git a/drivers/ata/pata_mpc52xx.c b/drivers/ata/pata_mpc52xx.c
> index 2bc2dbe..f88c2ff 100644
> --- a/drivers/ata/pata_mpc52xx.c
> +++ b/drivers/ata/pata_mpc52xx.c
> @@ -294,10 +294,11 @@ mpc52xx_ata_compute_mdma_timings(struct mpc52xx_ata_priv *priv, int dev,
>  				 int speed)
>  {
>  	struct mpc52xx_ata_timings *t = &priv->timings[dev];
> -	const struct mdmaspec *s = &priv->mdmaspec[speed];

This is a *pointer* to the element, *not* a dereference.  It's
irrelevant whether the pointer is off the end of the array or not

> +	const struct mdmaspec *s;
>  
>  	if (speed < 0 || speed > 2)
>  		return -EINVAL;

And since the check is immediately after, the pointer is never
dereferenced.

> +	s = &priv->mdmaspec[speed];

James


--
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Filesystems]     [Linux SCSI]     [Linux RAID]     [Git]     [Kernel Newbies]     [Linux Newbie]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Samba]     [Device Mapper]

  Powered by Linux