* [PATCH] powerpc: Read buffer overflow
@ 2009-08-03 12:41 Roel Kluin
  2009-08-03 12:57 ` Paul Mackerras
  0 siblings, 1 reply; 4+ messages in thread
From: Roel Kluin @ 2009-08-03 12:41 UTC (permalink / raw)
  To: Andrew Morton, linuxppc-dev, benh

Check whether index is within bounds before grabbing the element.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
---
diff --git a/drivers/macintosh/macio_asic.c b/drivers/macintosh/macio_asic.c
index a0f6838..588a5b0 100644
--- a/drivers/macintosh/macio_asic.c
+++ b/drivers/macintosh/macio_asic.c
@@ -294,10 +294,11 @@ static void macio_setup_interrupts(struct macio_dev *dev)
 	int i = 0, j = 0;
 
 	for (;;) {
-		struct resource *res = &dev->interrupt[j];
+		struct resource *res;
 
 		if (j >= MACIO_DEV_COUNT_IRQS)
 			break;
+		res = &dev->interrupt[j];
 		irq = irq_of_parse_and_map(np, i++);
 		if (irq == NO_IRQ)
 			break;
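Review bot: The subject says "Read buffer overflow", but in the removed line `struct resource *res = &dev->interrupt[j];` the element's address is only computed, and nothing is read through `res` before the `j >= MACIO_DEV_COUNT_IRQS` check breaks out of the loop. The changelog should say that the patch avoids forming the pointer ahead of the bounds check rather than that it fixes an overflowing read. Since the loop is `for (;;)` with the bound as its first statement, `while (j < MACIO_DEV_COUNT_IRQS)` would express the same limit, as far as these lines show, and would let the declaration keep its initializer.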
@@ -321,9 +322,10 @@ static void macio_setup_resources(struct macio_dev *dev,
 	int index;
 
 	for (index = 0; of_address_to_resource(np, index, &r) == 0; index++) {
-		struct resource *res = &dev->resource[index];
+		struct resource *res;
 		if (index >= MACIO_DEV_COUNT_RESOURCES)
 			break;
+		res = &dev->resource[index];
 		*res = r;
 		res->name = dev_name(&dev->ofdev.dev);
 
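Review bot: In macio_setup_resources() the `index >= MACIO_DEV_COUNT_RESOURCES` check runs only after the `for` condition has already called `of_address_to_resource(np, index, &r)` for that index, so one lookup past the limit is still made before the `break`. Moving the bound into the loop condition, `index < MACIO_DEV_COUNT_RESOURCES && of_address_to_resource(np, index, &r) == 0`, would drop that extra call and make the split declaration unnecessary. If the separate declaration stays, a blank line between `struct resource *res;` and the `if` would match the first hunk.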


* Re: [PATCH] powerpc: Read buffer overflow
  2009-08-03 12:41 [PATCH] powerpc: Read buffer overflow Roel Kluin
@ 2009-08-03 12:57 ` Paul Mackerras
  2009-08-03 13:12   ` Wolfram Sang
  2009-08-03 20:15   ` Segher Boessenkool
  0 siblings, 2 replies; 4+ messages in thread
From: Paul Mackerras @ 2009-08-03 12:57 UTC (permalink / raw)
  To: Roel Kluin; +Cc: linuxppc-dev, Andrew Morton

Roel Kluin writes:

> Check whether index is within bounds before grabbing the element.

The change seems unnecessary since we only compute the address of the
element before the bounds check, we don't actually access the
element.  I believe that is legal in C.

Paul.


* Re: [PATCH] powerpc: Read buffer overflow
  2009-08-03 12:57 ` Paul Mackerras
@ 2009-08-03 13:12   ` Wolfram Sang
  2009-08-03 20:15   ` Segher Boessenkool
  1 sibling, 0 replies; 4+ messages in thread
From: Wolfram Sang @ 2009-08-03 13:12 UTC (permalink / raw)
  To: Paul Mackerras; +Cc: linuxppc-dev, Andrew Morton, Roel Kluin


On Mon, Aug 03, 2009 at 10:57:17PM +1000, Paul Mackerras wrote:
> Roel Kluin writes:
> 
> > Check whether index is within bounds before grabbing the element.
> 
> The change seems unnecessary since we only compute the address of the
> element before the bounds check, we don't actually access the
> element.  I believe that is legal in C.

I've got this strange feeling of deja vu :)

http://thread.gmane.org/gmane.linux.ports.arm.kernel/63507

(I'd vote for applying it but won't mind if not)

Regards,

   Wolfram

-- 
Pengutronix e.K.                           | Wolfram Sang                |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |


* Re: [PATCH] powerpc: Read buffer overflow
  2009-08-03 12:57 ` Paul Mackerras
  2009-08-03 13:12   ` Wolfram Sang
@ 2009-08-03 20:15   ` Segher Boessenkool
  1 sibling, 0 replies; 4+ messages in thread
From: Segher Boessenkool @ 2009-08-03 20:15 UTC (permalink / raw)
  To: Paul Mackerras; +Cc: linuxppc-dev, Andrew Morton, Roel Kluin

> The change seems unnecessary since we only compute the address of the
> element before the bounds check, we don't actually access the
> element.  I believe that is legal in C.

If you have an array a[N], taking &a[0] .. &a[N] are legal C, everything
else is not.


Segher
