Dan, This catch is correct. I would rework and post the patch to upstream. Thanks, Kashyap > -----Original Message----- > From: Dan Carpenter [mailto:error27@xxxxxxxxx] > Sent: Sunday, March 28, 2010 4:57 PM > To: Moore, Eric > Cc: Support, Software; DL-MPT Fusion Linux; linux-scsi@xxxxxxxxxxxxxxx > Subject: bug report: fusion: odd range check in mptbase > > Hi, I'm just going through some Smatch results and couldn't figure out > what to do with this: > > drivers/message/fusion/mptbase.c +7850 mpt_sas_log_info() > 'originator_str' 3 <= 3 > 7846 if ((sas_loginfo.dw.bus_type != 3 /*SAS*/) && > 7847 (sas_loginfo.dw.originator < > ARRAY_SIZE(originator_str))) > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > 7848 return; > 7849 > 7850 originator_desc = > originator_str[sas_loginfo.dw.originator]; > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > If sas_loginfo.dw.originator is == ARRAY_SIZE(originator_str) that > would > be a buffer overflow on line 7850. > > regards, > dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
