https://bugzilla.kernel.org/show_bug.cgi?id=216020

--- Comment #3 from Alan Stern (stern@xxxxxxxxxxxxxxxxxxx) ---
The warnings about ene_ub6250.c are accurate. The driver uses (EntryOffset % 512) to index a 512-byte buffer and dereferences a 16-bit value at that location, without checking for proper alignment. It then dereferences another 16-bit value located 10 bytes farther on, without checking for overflow.

Not having the specs for this type of device, I don't know how this is meant to work. Perhaps EntryOffset % 512 is always supposed to be 0. But perhaps not, so I don't want to make any hasty changes.
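The access pattern described in the comment above, written with a bounds check and an alignment-independent read. This is an added example, not code from ene_ub6250.c or from the comment's author. The helper names and the sample buffer are hypothetical, and host byte order is kept because the comment does not say how the device lays out these values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_BUF_SIZE 512u      /* buffer size given in the comment */
#define SECOND_VALUE_DELTA 10u  /* second 16-bit value is 10 bytes farther on */

/* Hypothetical helper: read 16 bits at any alignment, host byte order.
 * Returns 0 on success, -1 if the two bytes do not fit inside the buffer. */
static int read_u16_checked(const uint8_t *buf, size_t len, size_t off,
                            uint16_t *out)
{
    if (off > len || len - off < sizeof(*out))
        return -1;
    memcpy(out, buf + off, sizeof(*out)); /* memcpy has no alignment demand */
    return 0;
}

/* Hypothetical helper modelling the access pattern described above. */
static int read_entry_pair(const uint8_t *buf, uint32_t entry_offset,
                           uint16_t *first, uint16_t *second)
{
    size_t off = entry_offset % PAGE_BUF_SIZE;
    if (read_u16_checked(buf, PAGE_BUF_SIZE, off, first) != 0)
        return -1;
    return read_u16_checked(buf, PAGE_BUF_SIZE, off + SECOND_VALUE_DELTA, second);
}

/* Constructed test data: returns 1 if both values were read and match the
 * buffer bytes, 0 on a mismatch, -1 if the offset was rejected. */
static int demo(uint32_t entry_offset)
{
    uint8_t buf[PAGE_BUF_SIZE];
    uint16_t a, b;
    size_t i, off = entry_offset % PAGE_BUF_SIZE;
    for (i = 0; i < sizeof(buf); i++)
        buf[i] = (uint8_t)(i * 7u);
    if (read_entry_pair(buf, entry_offset, &a, &b) != 0)
        return -1;
    return memcmp(&a, buf + off, 2) == 0 &&
           memcmp(&b, buf + off + SECOND_VALUE_DELTA, 2) == 0;
}

int main(void)
{
    printf("%d %d %d %d\n", demo(0), demo(3), demo(500), demo(501));
    return 0;
}
```

With a 512-byte buffer, the largest remainder for which both reads still fit is 500; anything from 501 to 511 is rejected instead of reading past the end.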