http://bugzilla.kernel.org/show_bug.cgi?id=13547

           Summary: Buffer overrun in FlashPoint.c
           Product: SCSI Drivers
           Version: 2.5
    Kernel Version: 2.6.30
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
        AssignedTo: scsi_drivers-other@xxxxxxxxxxxxxxxxxxxx
        ReportedBy: ettl.martin@xxxxxx
        Regression: No

Hi,

I detected a possible buffer overrun in the file linux-2.6.30/drivers/scsi/FlashPoint.c.

I used the static code analysis tool cppcheck to detect this. It printed the following message:

    [linux-2.6.30/drivers/scsi/FlashPoint.c:1222]: (all) Buffer overrun

Let's take a look at line 1222:

    // ...
    for (thisCard = 0; thisCard <= MAX_CARDS; thisCard++) {
        if (thisCard == MAX_CARDS) {
            return FAILURE;
        }
        if (FPT_BL_Card[thisCard].ioPort == ioport) {    /* line 1222 */
            CurrCard = &FPT_BL_Card[thisCard];
            FPT_SccbMgrTableInitCard(CurrCard, thisCard);
            break;
        }
    // ...

The for loop terminates when thisCard <= MAX_CARDS. MAX_CARDS is defined as 8 in this file. Here there are 9 iterations made. This is one too many.

A possible solution to avoid this:

    for (thisCard = 0; thisCard < MAX_CARDS; thisCard++) {

Best regards

Ettl Martin
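
Added example, not part of the original report and not kernel code: a stand-alone C model of the quoted loop that records the highest array index each form reads when no card matches, for the `<=` header with its early return and for the proposed `<` header. Only MAX_CARDS = 8 and the loop shape come from the report; the struct, the accessor, the function names, the FAILURE value and the port numbers are constructed.

```c
#include <stdio.h>

#define MAX_CARDS 8      /* value stated in the report */
#define FAILURE   (-1)   /* constructed stand-in for the driver's FAILURE */

struct card { unsigned long ioPort; };  /* constructed, minimal */
static struct card cards[MAX_CARDS];    /* stands in for FPT_BL_Card */
static int max_index_read;              /* highest index used to read cards[] */

/* Bounds-recording accessor: notes the index, and never reads past the array. */
static unsigned long port_at(int i)
{
    if (i > max_index_read)
        max_index_read = i;
    return (i < MAX_CARDS) ? cards[i].ioPort : 0;
}

/* Loop shape quoted in the report: `<=` bound, early return at MAX_CARDS. */
static int find_card_quoted(unsigned long ioport)
{
    int thisCard;
    max_index_read = -1;
    for (thisCard = 0; thisCard <= MAX_CARDS; thisCard++) {
        if (thisCard == MAX_CARDS)
            return FAILURE;          /* runs before any array access */
        if (port_at(thisCard) == ioport)
            break;
    }
    return thisCard;
}

/* Loop header proposed in the report: `<` bound. The not-found check moves
 * after the loop, because the in-loop test can no longer be true. */
static int find_card_proposed(unsigned long ioport)
{
    int thisCard;
    max_index_read = -1;
    for (thisCard = 0; thisCard < MAX_CARDS; thisCard++)
        if (port_at(thisCard) == ioport)
            break;
    return (thisCard == MAX_CARDS) ? FAILURE : thisCard;
}

int main(void)
{
    int r;
    cards[3].ioPort = 0x330;         /* constructed sample port */
    r = find_card_quoted(0x999);     /* constructed port that no card uses */
    printf("quoted   (<=): result=%d, highest index read=%d\n", r, max_index_read);
    r = find_card_proposed(0x999);
    printf("proposed (<):  result=%d, highest index read=%d\n", r, max_index_read);
    return 0;
}
```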