(dropped Inaky from CC, he's not involved in WUSB any more). Dan Carpenter wrote: > drivers/usb/wusbcore/devconnect.c +462 __wusbhc_keep_alive(34) error: buffer overflow 'ie->bDeviceAddress' 4 <= 5 > 439 for (cnt = 0; > 440 keep_alives <= WUIE_ELT_MAX && cnt < wusbhc->ports_max; > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^ > This should be "keep_alives < WUIE_ELT_MAX". Yeah. > 459 } > 460 } > 461 if (keep_alives & 0x1) /* pad to even number ([WUSB] section 7.5.9) */ > 462 ie->bDeviceAddress[keep_alives++] = 0x7f; > > The case where keep_alives is too big should be handled at the > end of the array. I'm not sure how to do it. I'm not sure what you mean here. WUIE_ELT_MAX is an even number so we'll never try to pad beyond the end of the array. David -- David Vrabel, Senior Software Engineer, Drivers CSR, Churchill House, Cambridge Business Park, Tel: +44 (0)1223 692562 Cowley Road, Cambridge, CB4 0WZ http://www.csr.com/ Member of the CSR plc group of companies. CSR plc registered in England and Wales, registered number 4187346, registered office Churchill House, Cambridge Business Park, Cowley Road, Cambridge, CB4 0WZ, United Kingdom -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
