linux-scsi.vger.kernel.org archive mirror
* [Bug 13547] New: Buffer overrun in FlashPoint.c
@ 2009-06-15 13:46 bugzilla-daemon
  2009-06-16 22:24 ` [Bug 13547] " bugzilla-daemon
  2009-06-18  7:47 ` bugzilla-daemon
  0 siblings, 2 replies; 3+ messages in thread
From: bugzilla-daemon @ 2009-06-15 13:46 UTC
  To: linux-scsi

http://bugzilla.kernel.org/show_bug.cgi?id=13547

           Summary: Buffer overrun in FlashPoint.c
           Product: SCSI Drivers
           Version: 2.5
    Kernel Version: 2.6.30
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
        AssignedTo: scsi_drivers-other@kernel-bugs.osdl.org
        ReportedBy: ettl.martin@gmx.de
        Regression: No


Hi,

I detected a possible buffer overrun in file
linux-2.6.30/drivers/scsi/FlashPoint.c

I used the static code analysis tool cppcheck to detect this. It printed the
following message:
[linux-2.6.30/drivers/scsi/FlashPoint.c:1222]: (all) Buffer overrun


Let's take a look at line 1222:
        // ...
    for (thisCard = 0; thisCard <= MAX_CARDS; thisCard++) {

        if (thisCard == MAX_CARDS) {

            return FAILURE;
        }

1222        if (FPT_BL_Card[thisCard].ioPort == ioport) {

            CurrCard = &FPT_BL_Card[thisCard];
            FPT_SccbMgrTableInitCard(CurrCard, thisCard);
            break;
        }

          // ...

The for loop terminates when thisCard <= MAX_CARDS. MAX_CARDS is defined as 8
in this file. Here there are 9 iterations made. This is one too much.
A possible solution to avoid this:

    for (thisCard = 0; thisCard < MAX_CARDS; thisCard++) {

Best regards

Ettl Martin
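
Added example, not part of the report or the driver: a stand-alone C model of the quoted loop that records the highest table index actually read, which is the first thing to establish when triaging a bounds finding like this one. Only `MAX_CARDS` = 8 and the loop shape come from the report; `table`, `port_at`, the `FAILURE` value, the sample ports and the post-loop return in `find_proposed` are assumptions.

```c
#include <stdio.h>

#define MAX_CARDS 8      /* value stated in the report */
#define FAILURE   (-1)   /* assumption: the driver's value is not shown */

struct card { unsigned long ioPort; };  /* only the field the excerpt reads */
static struct card table[MAX_CARDS] = { /* stand-in for FPT_BL_Card, constructed ports */
    {0x1000}, {0x1100}, {0x1200}, {0x1300}, {0x1400}, {0x1500}, {0x1600}, {0x1700} };
static int max_index;                   /* highest index read in the last search */

static unsigned long port_at(int i)     /* instrumented table read */
{
    if (i > max_index) max_index = i;
    return table[i].ioPort;
}

int find_quoted(unsigned long ioport)   /* loop shape as quoted in the report */
{
    int thisCard;
    max_index = -1;
    for (thisCard = 0; thisCard <= MAX_CARDS; thisCard++) {
        if (thisCard == MAX_CARDS)
            return FAILURE;             /* returns before index 8 is read */
        if (port_at(thisCard) == ioport)
            break;
    }
    return thisCard;
}

int find_proposed(unsigned long ioport) /* loop bound proposed in the report */
{
    max_index = -1;
    for (int thisCard = 0; thisCard < MAX_CARDS; thisCard++)
        if (port_at(thisCard) == ioport)
            return thisCard;
    return FAILURE;                     /* assumption: not-found return moved here */
}

int highest_index_read(void) { return max_index; }

int main(void)
{
    /* 0x9999 is a constructed port that is not in the table */
    int q = find_quoted(0x9999), qmax = highest_index_read();
    int p = find_proposed(0x9999), pmax = highest_index_read();
    printf("quoted %d/%d proposed %d/%d\n", q, qmax, p, pmax);
    return 0;
}
```

In this model both forms stop at index 7 when the port is absent; the difference is whether the bound is enforced by the loop condition or by the early return inside the body.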
