Hi Nestor,
Smatch complains about an off by one range check here. It looks like
a bug, but I'm not sure the correct fix.
drivers/hid/hid-logitech-dj.c +278 logi_dj_recv_add_djhid_device(66)
error: buffer overflow 'djrcv_dev->paired_dj_devices' 6 <= 6
233 if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
234 (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
235 dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n",
236 __func__, dj_report->device_index);
237 return;
238 }
DJ_DEVICE_INDEX_MIN is 1
DJ_DEVICE_INDEX_MAX is 6
278 djrcv_dev->paired_dj_devices[dj_report->device_index] = dj_dev;
->paired_dj_devices[] has 6 elements so if dj_report->device_index is
6 we're one past the end of the array.
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-input" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
