[bug report] PCI: Check BAR index for validity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Philipp Stanner,

Commit ba10e5011d05 ("PCI: Check BAR index for validity") from Mar 4,
2025 (linux-next), leads to the following Smatch static checker
warning:

	drivers/pci/devres.c:632 pcim_remove_bar_from_legacy_table()
	error: buffer overflow 'legacy_iomap_table' 6 <= 15

drivers/pci/devres.c
    621 static void pcim_remove_bar_from_legacy_table(struct pci_dev *pdev, int bar)
    622 {
    623         void __iomem **legacy_iomap_table;
    624 
    625         if (!pci_bar_index_is_valid(bar))

This line used to check PCI_STD_NUM_BARS (6) but now it's checking
PCI_NUM_RESOURCES (15).

    626                 return;
    627 
    628         legacy_iomap_table = (void __iomem **)pcim_iomap_table(pdev);
    629         if (!legacy_iomap_table)
    630                 return;
    631 
--> 632         legacy_iomap_table[bar] = NULL;
                ^^^^^^^^^^^^^^^^^^^^^^^
Leading to a buffer overflow.

    633 }

regards,
dan carpenter
[Index of Archives]     [DMA Engine]     [Linux Coverity]     [Linux USB]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Greybus]

  Powered by Linux