Re: out-of-bounds array index

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Jesse Barnes <jesse.barnes@intel.com>
To: Jens Axboe <jens.axboe@oracle.com>
Cc: linux-kernel@vger.kernel.org, torvalds@linux-foundation.org
Subject: Re: out-of-bounds array index
Date: Thu, 7 Feb 2008 11:15:20 -0800	[thread overview]
Message-ID: <200802071115.20501.jesse.barnes@intel.com> (raw)
In-Reply-To: <20080207185642.GN15220@kernel.dk>

On Thursday, February 07, 2008 10:56 am Jens Axboe wrote:
> Hi,
>
> Just saw this from gcc:
>
> drivers/char/drm/i915_drv.c: In function ?i915_suspend?:
> drivers/char/drm/i915_drv.c:173: warning: array subscript is above array
> bounds
>   CC [M]  drivers/char/drm/i915_dma.o
> drivers/char/drm/i915_drv.c: In function ?i915_resume?:
> drivers/char/drm/i915_drv.c:220: warning: array subscript is above array
> bounds
>
> It's this code:
>
>         dev_priv->saveGR[0x18] =
>                 i915_read_indexed(VGA_GR_INDEX, VGA_GR_DATA, 0x18);
>
> which looks legit, since saveGR is
>
>         u8 saveGR[24];
>
> It has been introduced by commit
> ba8bbcf6ff4650712f64c0ef61139c73898e2165, which seems to be you Jesse.

Just a silly off by one, don't know why I didn't catch it earlier.  I'll push 
the fix to the drm tree.  Linus, you may want to take it in parallel.

Jesse

Make sure we have enough room for all the GR registers or we'll end up 
clobbering the AR index register (which should actually be harmless unless 
the BIOS is making an assumption about it).

Signed-off-by:  Jesse Barnes <jesse.barnes@intel.com>

diff --git a/drivers/char/drm/i915_drv.h b/drivers/char/drm/i915_drv.h
index 37bbf67..f8308bf 100644
--- a/drivers/char/drm/i915_drv.h
+++ b/drivers/char/drm/i915_drv.h
@@ -187,7 +187,7 @@ typedef struct drm_i915_private {
 	u32 saveSWF2[3];
 	u8 saveMSR;
 	u8 saveSR[8];
-	u8 saveGR[24];
+	u8 saveGR[25];
 	u8 saveAR_INDEX;
 	u8 saveAR[20];
 	u8 saveDACMASK;

next prev parent reply	other threads:[~2008-02-07 19:16 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-07 18:56 out-of-bounds array index Jens Axboe
2008-02-07 19:03 ` Jesse Barnes
2008-02-07 19:15 ` Jesse Barnes [this message]
2008-02-07 19:21 ` Jan Engelhardt
2008-02-07 19:28   ` Jesse Barnes
2008-02-07 20:01     ` Jens Axboe

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:37bbf67 dfblob:f8308bf )
 OR (
bs:"Re: out-of-bounds array index" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200802071115.20501.jesse.barnes@intel.com \
    --to=jesse.barnes@intel.com \
    --cc=jens.axboe@oracle.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox