* [Bug 13547] Buffer overrun in FlashPoint.c [not found] <bug-13547-11613@https.bugzilla.kernel.org/> @ 2011-02-25 3:48 ` bugzilla-daemon 2011-03-02 19:48 ` bugzilla-daemon ` (3 subsequent siblings) 4 siblings, 0 replies; 7+ messages in thread From: bugzilla-daemon @ 2011-02-25 3:48 UTC (permalink / raw) To: linux-scsi https://bugzilla.kernel.org/show_bug.cgi?id=13547 --- Comment #3 from L.C. <chenliunju@gmail.com> 2011-02-25 03:48:51 --- Created an attachment (id=49072) --> (https://bugzilla.kernel.org/attachment.cgi?id=49072) Patch for bug 13547 Fix the potential bu\v er overrun by making fewer iterations in the for loop. This patch is generated automatically by the tool R2Fix. -- Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug 13547] Buffer overrun in FlashPoint.c [not found] <bug-13547-11613@https.bugzilla.kernel.org/> 2011-02-25 3:48 ` [Bug 13547] Buffer overrun in FlashPoint.c bugzilla-daemon @ 2011-03-02 19:48 ` bugzilla-daemon 2011-03-02 20:27 ` bugzilla-daemon ` (2 subsequent siblings) 4 siblings, 0 replies; 7+ messages in thread From: bugzilla-daemon @ 2011-03-02 19:48 UTC (permalink / raw) To: linux-scsi https://bugzilla.kernel.org/show_bug.cgi?id=13547 --- Comment #4 from L.C. <chenliunju@gmail.com> 2011-03-02 19:48:29 --- Created an attachment (id=49932) --> (https://bugzilla.kernel.org/attachment.cgi?id=49932) Patch for bug 13547 Fix the potential bu\v er overrun by making fewer iterations in the for loop. This patch is generated automatically by the tool R2Fix. -- Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug 13547] Buffer overrun in FlashPoint.c [not found] <bug-13547-11613@https.bugzilla.kernel.org/> 2011-02-25 3:48 ` [Bug 13547] Buffer overrun in FlashPoint.c bugzilla-daemon 2011-03-02 19:48 ` bugzilla-daemon @ 2011-03-02 20:27 ` bugzilla-daemon 2012-06-08 11:59 ` bugzilla-daemon 2012-06-08 11:59 ` bugzilla-daemon 4 siblings, 0 replies; 7+ messages in thread From: bugzilla-daemon @ 2011-03-02 20:27 UTC (permalink / raw) To: linux-scsi https://bugzilla.kernel.org/show_bug.cgi?id=13547 --- Comment #5 from Randy Dunlap <randy.dunlap@oracle.com> 2011-03-02 20:27:29 --- The patch prevents the following test from returning FAILURE, which is a new error, so the patch is bad. -- Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug 13547] Buffer overrun in FlashPoint.c [not found] <bug-13547-11613@https.bugzilla.kernel.org/> ` (2 preceding siblings ...) 2011-03-02 20:27 ` bugzilla-daemon @ 2012-06-08 11:59 ` bugzilla-daemon 2012-06-08 11:59 ` bugzilla-daemon 4 siblings, 0 replies; 7+ messages in thread From: bugzilla-daemon @ 2012-06-08 11:59 UTC (permalink / raw) To: linux-scsi https://bugzilla.kernel.org/show_bug.cgi?id=13547 Alan <alan@lxorguk.ukuu.org.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |alan@lxorguk.ukuu.org.uk Resolution| |OBSOLETE -- Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug 13547] Buffer overrun in FlashPoint.c [not found] <bug-13547-11613@https.bugzilla.kernel.org/> ` (3 preceding siblings ...) 2012-06-08 11:59 ` bugzilla-daemon @ 2012-06-08 11:59 ` bugzilla-daemon 4 siblings, 0 replies; 7+ messages in thread From: bugzilla-daemon @ 2012-06-08 11:59 UTC (permalink / raw) To: linux-scsi https://bugzilla.kernel.org/show_bug.cgi?id=13547 Alan <alan@lxorguk.ukuu.org.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED -- Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug 13547] New: Buffer overrun in FlashPoint.c
@ 2009-06-15 13:46 bugzilla-daemon
2009-06-16 22:24 ` [Bug 13547] " bugzilla-daemon
2009-06-18 7:47 ` bugzilla-daemon
0 siblings, 2 replies; 7+ messages in thread
From: bugzilla-daemon @ 2009-06-15 13:46 UTC (permalink / raw)
To: linux-scsi
http://bugzilla.kernel.org/show_bug.cgi?id=13547
Summary: Buffer overrun in FlashPoint.c
Product: SCSI Drivers
Version: 2.5
Kernel Version: 2.6.30
Platform: All
OS/Version: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Other
AssignedTo: scsi_drivers-other@kernel-bugs.osdl.org
ReportedBy: ettl.martin@gmx.de
Regression: No
Hi,
i detected a possible buffer overrun in File
linux-2.6.30/drivers/scsi/FlashPoint.c
I used the static code analysis tool cppcheck to detect this. It printed the
following message:
[linux-2.6.30/drivers/scsi/FlashPoint.c:1222]: (all) Buffer overrun
Lets take a look at line 1222:
// ...
for (thisCard = 0; thisCard <= MAX_CARDS; thisCard++) {
if (thisCard == MAX_CARDS) {
return FAILURE;
}
1222 if (FPT_BL_Card[thisCard].ioPort == ioport) {
CurrCard = &FPT_BL_Card[thisCard];
FPT_SccbMgrTableInitCard(CurrCard, thisCard);
break;
}
// ...
The for loop terminates when thisCard <= MAX_CARDS. MAX_CARDS is defined as 8
in this file. Here there are 9 iterations made. This is one to much.
A possible solution to avoid this:
for (thisCard = 0; thisCard < MAX_CARDS; thisCard++) {
Best regards
Ettl Martin
--
Configure bugmail: http://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug 13547] Buffer overrun in FlashPoint.c 2009-06-15 13:46 [Bug 13547] New: " bugzilla-daemon @ 2009-06-16 22:24 ` bugzilla-daemon 2009-06-18 7:47 ` bugzilla-daemon 1 sibling, 0 replies; 7+ messages in thread From: bugzilla-daemon @ 2009-06-16 22:24 UTC (permalink / raw) To: linux-scsi http://bugzilla.kernel.org/show_bug.cgi?id=13547 --- Comment #1 from Randy Dunlap <randy.dunlap@oracle.com> 2009-06-16 22:24:35 --- How about the if-block just above line 1222? Won't it prevent line 1222 from being executed when thisCard == MAX_CARDS? -- Configure bugmail: http://bugzilla.kernel.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug 13547] Buffer overrun in FlashPoint.c 2009-06-15 13:46 [Bug 13547] New: " bugzilla-daemon 2009-06-16 22:24 ` [Bug 13547] " bugzilla-daemon @ 2009-06-18 7:47 ` bugzilla-daemon 1 sibling, 0 replies; 7+ messages in thread From: bugzilla-daemon @ 2009-06-18 7:47 UTC (permalink / raw) To: linux-scsi http://bugzilla.kernel.org/show_bug.cgi?id=13547 --- Comment #2 from Martin Ettl <ettl.martin@gmx.de> 2009-06-18 07:47:48 --- Yes i see. You can avoid the if-statement by using this: for (thisCard = 0; thisCard < MAX_CARDS; thisCard++) Regards Martin -- Configure bugmail: http://bugzilla.kernel.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2012-06-08 11:59 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <bug-13547-11613@https.bugzilla.kernel.org/>
2011-02-25 3:48 ` [Bug 13547] Buffer overrun in FlashPoint.c bugzilla-daemon
2011-03-02 19:48 ` bugzilla-daemon
2011-03-02 20:27 ` bugzilla-daemon
2012-06-08 11:59 ` bugzilla-daemon
2012-06-08 11:59 ` bugzilla-daemon
2009-06-15 13:46 [Bug 13547] New: " bugzilla-daemon
2009-06-16 22:24 ` [Bug 13547] " bugzilla-daemon
2009-06-18 7:47 ` bugzilla-daemon
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox