[PATCH] serial167: Read buffer overflow

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] serial167: Read buffer overflow
@ 2009-08-03 12:15 Roel Kluin
  2009-08-04 22:18 ` Andrew Morton
  0 siblings, 1 reply; 3+ messages in thread
From: Roel Kluin @ 2009-08-03 12:15 UTC (permalink / raw)
  To: alan, LKML, Andrew Morton

Check whether index is within bounds before grabbing the element.
Also, since NR_PORTS is defined ARRAY_SIZE(cy_port),
cy_port[NR_PORTS] is out of bounds as well. 

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
---
diff --git a/drivers/char/serial167.c b/drivers/char/serial167.c
index 51e7a46..affa5e2 100644
--- a/drivers/char/serial167.c
+++ b/drivers/char/serial167.c
@@ -222,7 +222,7 @@ static inline int serial_paranoia_check(struct cyclades_port *info, char *name,
 	}
 
 	if ((long)info < (long)(&cy_port[0])
-	    || (long)(&cy_port[NR_PORTS]) < (long)info) {
+	    || (long)(&cy_port[NR_PORTS-1]) < (long)info) {
 		printk("Warning: cyclades_port out of range for (%s) in %s\n",
 				name, routine);
 		return 1;
@@ -521,15 +521,13 @@ static irqreturn_t cd2401_tx_interrupt(int irq, void *dev_id)
 		panic("TxInt on debug port!!!");
 	}
 #endif
-
-	info = &cy_port[channel];
-
 	/* validate the port number (as configured and open) */
 	if ((channel < 0) || (NR_PORTS <= channel)) {
 		base_addr[CyIER] &= ~(CyTxMpty | CyTxRdy);
 		base_addr[CyTEOIR] = CyNOTRANS;
 		return IRQ_HANDLED;
 	}
+	info = &cy_port[channel];
 	info->last_active = jiffies;
 	if (info->tty == 0) {
 		base_addr[CyIER] &= ~(CyTxMpty | CyTxRdy);

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] serial167: Read buffer overflow
  2009-08-03 12:15 [PATCH] serial167: Read buffer overflow Roel Kluin
@ 2009-08-04 22:18 ` Andrew Morton
  2009-08-05  9:17   ` Geert Uytterhoeven
  0 siblings, 1 reply; 3+ messages in thread
From: Andrew Morton @ 2009-08-04 22:18 UTC (permalink / raw)
  To: Roel Kluin; +Cc: alan, linux-kernel, Geert Uytterhoeven, linux-next

On Mon, 03 Aug 2009 14:15:22 +0200
Roel Kluin <roel.kluin@gmail.com> wrote:

> @@ -222,7 +222,7 @@ static inline int serial_paranoia_check(struct cyclades_port *info, char *name,
>  	}
>  
>  	if ((long)info < (long)(&cy_port[0])
> -	    || (long)(&cy_port[NR_PORTS]) < (long)info) {
> +	    || (long)(&cy_port[NR_PORTS-1]) < (long)info) {
>  		printk("Warning: cyclades_port out of range for (%s) in %s\n",
>  				name, routine);

OK, that hurts my brain.  And all those casts are pointless.  How about this?

	if (info < &cy_port[0] || info >= &cy_port[NR_PORTS]) {
		printk("Warning: cyclades_port out of range for (%s) in %s\n",
				name, routine);
		return 1;
	}



btw, m68k allmodconfig in current mainline is sick:

In file included from /usr/src/devel/arch/m68k/include/asm/pgtable.h:4,
                 from include/linux/mm.h:40,
                 from drivers/char/serial167.c:62:
/usr/src/devel/arch/m68k/include/asm/pgtable_mm.h:148:1: warning: "pgprot_noncached" redefined
In file included from /usr/src/devel/arch/m68k/include/asm/pgtable_mm.h:138,
                 from /usr/src/devel/arch/m68k/include/asm/pgtable.h:4,
                 from include/linux/mm.h:40,
                 from drivers/char/serial167.c:62:
include/asm-generic/pgtable.h:133:1: warning: this is the location of the previous definition


And in linux-next m68k allmodconfig is dead as a doornail:

drivers/staging/vme/Kconfig:5:warning: type of 'VME' redefined from 'boolean' to 'tristate'
In file included from include/linux/irq.h:12,
                 from include/asm-generic/hardirq.h:6,
                 from /usr/src/devel/arch/m68k/include/asm/hardirq.h:4,
                 from include/linux/hardirq.h:10,
                 from /usr/src/devel/arch/m68k/include/asm/system_mm.h:69,
                 from /usr/src/devel/arch/m68k/include/asm/system.h:4,
                 from include/linux/list.h:7,
                 from include/linux/preempt.h:11,
                 from include/linux/spinlock.h:50,
                 from include/linux/seqlock.h:29,
                 from include/linux/time.h:8,
                 from include/linux/timex.h:56,
                 from include/linux/sched.h:56,
                 from arch/m68k/kernel/asm-offsets.c:12:
include/linux/smp.h:17: error: field 'list' has incomplete type
In file included from include/linux/mmzone.h:9,
                 from include/linux/gfp.h:4,
                 from include/linux/irq.h:20,
                 from include/asm-generic/hardirq.h:6,
                 from /usr/src/devel/arch/m68k/include/asm/hardirq.h:4,
                 from include/linux/hardirq.h:10,
                 from /usr/src/devel/arch/m68k/include/asm/system_mm.h:69,
                 from /usr/src/devel/arch/m68k/include/asm/system.h:4,
                 from include/linux/list.h:7,
                 from include/linux/preempt.h:11,
                 from include/linux/spinlock.h:50,
                 from include/linux/seqlock.h:29,
                 from include/linux/time.h:8,
                 from include/linux/timex.h:56,
                 from include/linux/sched.h:56,
                 from arch/m68k/kernel/asm-offsets.c:12:
include/linux/wait.h:37: error: field 'task_list' has incomplete type
include/linux/wait.h:51: error: expected specifier-qualifier-list before 'spinlock_t'
include/linux/wait.h: In function 'waitqueue_active':
include/linux/wait.h:108: error: implicit declaration of function 'list_empty'
include/linux/wait.h:108: error: 'wait_queue_head_t' has no member named 'task_list'
include/linux/wait.h: In function '__add_wait_queue':
include/linux/wait.h:117: error: implicit declaration of function 'list_add'
include/linux/wait.h:117: error: 'wait_queue_head_t' has no member named 'task_list'
include/linux/wait.h: In function '__add_wait_queue_tail':
include/linux/wait.h:126: error: implicit declaration of function 'list_add_tail'
include/linux/wait.h:126: error: 'wait_queue_head_t' has no member named 'task_list'
include/linux/wait.h: In function '__remove_wait_queue':
include/linux/wait.h:132: error: implicit declaration of function 'list_del'


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] serial167: Read buffer overflow
  2009-08-04 22:18 ` Andrew Morton
@ 2009-08-05  9:17   ` Geert Uytterhoeven
  0 siblings, 0 replies; 3+ messages in thread
From: Geert Uytterhoeven @ 2009-08-05  9:17 UTC (permalink / raw)
  To: Andrew Morton; +Cc: Roel Kluin, alan, linux-kernel, linux-next, Linux/m68k

On Wed, Aug 5, 2009 at 00:18, Andrew Morton<akpm@linux-foundation.org> wrote:
> btw, m68k allmodconfig in current mainline is sick:
>
> And in linux-next m68k allmodconfig is dead as a doornail:

Will look at it (eventually)...

But recovering from a too-long absence and replacing the computer that
died before the absence
while keeping the mill of life running take its time...

Gr{oetje,eeting}s,

						Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
							    -- Linus Torvalds

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2009-08-05  9:17 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-08-03 12:15 [PATCH] serial167: Read buffer overflow Roel Kluin
2009-08-04 22:18 ` Andrew Morton
2009-08-05  9:17   ` Geert Uytterhoeven

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox