From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dan Carpenter Date: Tue, 17 Mar 2015 09:17:28 +0000 Subject: [patch 2/2 v2] serial: jsm: some off by one bugs Message-Id: <20150317091728.GA19685@mwanda> List-Id: References: <20150316174743.GB6037@oc0812247204.ltc.br.ibm.com> In-Reply-To: <20150316174743.GB6037@oc0812247204.ltc.br.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Thadeu Lima de Souza Cascardo Cc: Greg Kroah-Hartman , Jiri Slaby , linux-serial@vger.kernel.org, kernel-janitors@vger.kernel.org "brd->nasync" amd "brd->maxports" are the same. They hold the number of filled out channels in the brd->channels[] array. These tests should be ">=" instead of ">" so that we don't read one element past the end. Signed-off-by: Dan Carpenter --- v2: Thadeu Cascardo noticed another off by one that I missed. diff --git a/drivers/tty/serial/jsm/jsm_cls.c b/drivers/tty/serial/jsm/jsm_cls.c index bfb0681..4eb12a9 100644 --- a/drivers/tty/serial/jsm/jsm_cls.c +++ b/drivers/tty/serial/jsm/jsm_cls.c @@ -570,7 +570,7 @@ static inline void cls_parse_isr(struct jsm_board *brd, uint port) * verified in the interrupt routine. */ - if (port > brd->nasync) + if (port >= brd->nasync) return; ch = brd->channels[port]; diff --git a/drivers/tty/serial/jsm/jsm_neo.c b/drivers/tty/serial/jsm/jsm_neo.c index 7291c21..932b2ac 100644 --- a/drivers/tty/serial/jsm/jsm_neo.c +++ b/drivers/tty/serial/jsm/jsm_neo.c @@ -724,7 +724,7 @@ static inline void neo_parse_isr(struct jsm_board *brd, u32 port) if (!brd) return; - if (port > brd->maxports) + if (port >= brd->maxports) return; ch = brd->channels[port]; @@ -840,7 +840,7 @@ static inline void neo_parse_lsr(struct jsm_board *brd, u32 port) if (!brd) return; - if (port > brd->maxports) + if (port >= brd->maxports) return; ch = brd->channels[port]; @@ -1180,7 +1180,7 @@ static irqreturn_t neo_intr(int irq, void *voidbrd) */ /* Verify the port is in range. */ - if (port > brd->nasync) + if (port >= brd->nasync) continue; ch = brd->channels[port];