From: Clemens Ladisch <clemens@ladisch.de>
To: Jaroslav Kysela <perex@perex.cz>,
Dan Carpenter <error27@gmail.com>,
kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: bug list: range checking issues
Date: Tue, 16 Feb 2010 10:00:57 +0000 [thread overview]
Message-ID: <4B7A6CD9.10903@ladisch.de> (raw)
In-Reply-To: <20100215124046.GB18821@bicker>
Dan Carpenter wrote:
> sound/core/seq/oss/seq_oss_init.c +276 snd_seq_oss_open(102) error: buffer overflow 'client_table' 16 <= 16
False positive, probably because the source of the assignment is checked
for overflow:
195: dp->index = i;
if (i >= SNDRV_SEQ_OSS_MAX_CLIENTS) {
...
goto _error;
...
276: client_table[dp->index] = dp;
> sound/oss/sequencer.c +1638 compute_finetune(45) error: buffer overflow 'semitone_tuning' 24 <= 99
False positive; bend is at most 2399, so semitones is at most 23.
The "if (semitones > 99) semitones = 99;" check is completely bogus.
> sound/core/pcm_native.c +320 snd_pcm_hw_refine(159) warn: buffer overflow 'params->masks' 3 <= 10
This looks correct; the channels parameter is an interval, not a mask.
if (!params->fifo_size) {
if (snd_mask_min(¶ms->masks[SNDRV_PCM_HW_PARAM_FORMAT]) =
snd_mask_max(¶ms->masks[SNDRV_PCM_HW_PARAM_FORMAT]) &&
snd_mask_min(¶ms->masks[SNDRV_PCM_HW_PARAM_CHANNELS]) =
snd_mask_max(¶ms->masks[SNDRV_PCM_HW_PARAM_CHANNELS])) {
Jaroslav, I guess this should have been snd_interval_min/max?
And shouldn't the parameters be accessed with hw_param_mask/interval?
Regards,
Clemens
next prev parent reply other threads:[~2010-02-16 10:00 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-15 12:40 bug list: range checking issues Dan Carpenter
2010-02-15 13:47 ` Alexey Dobriyan
2010-02-15 14:04 ` Dan Carpenter
2010-02-15 22:08 ` Dave Chinner
2010-02-15 22:20 ` [PATCH] drm/nouveau: fix pramdac_table range checking Marcin Slusarz
2010-02-17 18:36 ` [Nouveau] " Francisco Jerez
2010-02-15 22:22 ` [PATCH] drm/nouveau: fix nouveau_i2c_find bounds checking Marcin Slusarz
2010-02-16 5:42 ` bug list: range checking issues Dan Carpenter
2010-02-16 10:00 ` Clemens Ladisch [this message]
2010-02-16 11:02 ` Jaroslav Kysela
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B7A6CD9.10903@ladisch.de \
--to=clemens@ladisch.de \
--cc=error27@gmail.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=perex@perex.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).