bug report: fusion: odd range check in mptbase

public inbox for linux-scsi@vger.kernel.org
 help / color / mirror / Atom feed

* bug report: fusion: odd range check in mptbase
@ 2010-03-28 11:26 Dan Carpenter
  2010-03-31 12:48 ` Desai, Kashyap
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2010-03-28 11:26 UTC (permalink / raw)
  To: Eric Moore; +Cc: support, DL-MPTFusionLinux, linux-scsi

Hi, I'm just going through some Smatch results and couldn't figure out
what to do with this:

drivers/message/fusion/mptbase.c +7850 mpt_sas_log_info() 'originator_str' 3 <= 3
  7846          if ((sas_loginfo.dw.bus_type != 3 /*SAS*/) &&
  7847              (sas_loginfo.dw.originator < ARRAY_SIZE(originator_str)))
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^			

  7848                  return;
  7849
  7850          originator_desc = originator_str[sas_loginfo.dw.originator];
                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If sas_loginfo.dw.originator is == ARRAY_SIZE(originator_str) that would
be a buffer overflow on line 7850.

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 2+ messages in thread

* RE: bug report: fusion: odd range check in mptbase
  2010-03-28 11:26 bug report: fusion: odd range check in mptbase Dan Carpenter
@ 2010-03-31 12:48 ` Desai, Kashyap
  0 siblings, 0 replies; 2+ messages in thread
From: Desai, Kashyap @ 2010-03-31 12:48 UTC (permalink / raw)
  To: Dan Carpenter, Moore, Eric
  Cc: Support, Software, DL-MPT Fusion Linux,
	linux-scsi@vger.kernel.org

Dan,

This catch is correct. I would rework and post the patch to upstream.

Thanks,
Kashyap

> -----Original Message-----
> From: Dan Carpenter [mailto:error27@gmail.com]
> Sent: Sunday, March 28, 2010 4:57 PM
> To: Moore, Eric
> Cc: Support, Software; DL-MPT Fusion Linux; linux-scsi@vger.kernel.org
> Subject: bug report: fusion: odd range check in mptbase
> 
> Hi, I'm just going through some Smatch results and couldn't figure out
> what to do with this:
> 
> drivers/message/fusion/mptbase.c +7850 mpt_sas_log_info()
> 'originator_str' 3 <= 3
>   7846          if ((sas_loginfo.dw.bus_type != 3 /*SAS*/) &&
>   7847              (sas_loginfo.dw.originator <
> ARRAY_SIZE(originator_str)))
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> 
>   7848                  return;
>   7849
>   7850          originator_desc =
> originator_str[sas_loginfo.dw.originator];
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> If sas_loginfo.dw.originator is == ARRAY_SIZE(originator_str) that
> would
> be a buffer overflow on line 7850.
> 
> regards,
> dan carpenter

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2010-03-31 12:49 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-03-28 11:26 bug report: fusion: odd range check in mptbase Dan Carpenter
2010-03-31 12:48 ` Desai, Kashyap

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox