linux-kernel.vger.kernel.org archive mirror
* arch/arm/mach-omap2/mux.c: Off by one error
From: d binderman @ 2010-01-31 12:16 UTC
  To: tony; +Cc: linux-kernel



Hello there,

I just ran the sourceforge tool cppcheck over the source code of the
new Linux kernel 2.6.33-rc6

It said

[./arm/mach-omap2/mux.c:492]: (error) Buffer access out-of-bounds

The source code is

        char mode[14];
        int i = -1;

        sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);

13 characters + 1 digit + 1 zero byte is more than 14 characters.

Suggest new code

        char mode[15];
        int i = -1;

        sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);


Regards

David Binderman
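
The arithmetic in the report above, as an added example that is not part of the original message or the kernel source: a user-space C program that measures the bytes the format needs and contrasts the reported 14-byte buffer with one sized from the prefix. The helper names and MODE_BUF_LEN are hypothetical.

```c
#include <stdio.h>

#define MODE_PREFIX "OMAP_MUX_MODE"	/* format prefix from the report */

/* sizeof counts the prefix's NUL, so this is 13 + 1 NUL + 1 digit = 15. */
#define MODE_BUF_LEN (sizeof(MODE_PREFIX) + 1)
_Static_assert(MODE_BUF_LEN == 15, "13 characters + 1 digit + 1 zero byte");

/*
 * Hypothetical helper: bytes, including the terminating NUL, that the
 * format needs for a register value. Measured without writing anything.
 */
static size_t mode_bytes_needed(unsigned short val)
{
	return (size_t)snprintf(NULL, 0, MODE_PREFIX "%d", val & 0x7) + 1;
}

/*
 * Hypothetical helper: bounded formatting. Returns 0 when the whole
 * string fit, -1 when the buffer was too small and output was truncated.
 */
static int format_mode(char *buf, size_t len, unsigned short val)
{
	int n = snprintf(buf, len, MODE_PREFIX "%d", val & 0x7);

	return (n >= 0 && (size_t)n < len) ? 0 : -1;
}

int main(void)
{
	char reported[14];		/* size from the report */
	char fixed[MODE_BUF_LEN];	/* size derived from the prefix */
	unsigned short val;

	/* Every value the 0x7 mask can produce prints as one digit. */
	for (val = 0; val < 8; val++)
		printf("mode %d needs %zu bytes\n", val, mode_bytes_needed(val));

	printf("14-byte buffer: %s\n",
	       format_mode(reported, sizeof(reported), 0x7) ? "truncated" : "ok");
	printf("%zu-byte buffer: %s -> %s\n", sizeof(fixed),
	       format_mode(fixed, sizeof(fixed), 0x7) ? "truncated" : "ok", fixed);
	return 0;
}
```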


 		 	   		  

* Re: arch/arm/mach-omap2/mux.c: Off by one error
From: Tony Lindgren @ 2010-02-01 21:06 UTC
  To: d binderman; +Cc: linux-kernel

* d binderman <dcb314@hotmail.com> [100131 04:14]:
> 
> 
> Hello there,
> 
> I just ran the sourceforge tool cppcheck over the source code of the
> new Linux kernel 2.6.33-rc6
> 
> It said
> 
> [./arm/mach-omap2/mux.c:492]: (error) Buffer access out-of-bounds
> 
> The source code is
> 
>         char mode[14];
>         int i = -1;
> 
>         sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);
> 
> 13 characters + 1 digit + 1 zero byte is more than 14 characters.
> 
> Suggest new code
> 
>         char mode[15];
>         int i = -1;
> 
>         sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);

Thanks for reporting this.

I'll queue up the following fix for this for 2.6.34.

Regards,

Tony

From: Tony Lindgren <tony@atomide.com>
Date: Mon, 1 Feb 2010 13:03:42 -0800
Subject: [PATCH] omap: Fix arch/arm/mach-omap2/mux.c: Off by one error

David Binderman ran the sourceforge tool cppcheck over the source code of the
new Linux kernel 2.6.33-rc6:

[./arm/mach-omap2/mux.c:492]: (error) Buffer access out-of-bounds

13 characters + 1 digit + 1 zero byte is more than 14 characters.

Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>

diff --git a/arch/arm/mach-omap2/mux.c b/arch/arm/mach-omap2/mux.c
index 32764be..047aa57 100644
--- a/arch/arm/mach-omap2/mux.c
+++ b/arch/arm/mach-omap2/mux.c
@@ -486,7 +486,7 @@ int __init omap_mux_init_signal(char *muxname, int val)
 static inline void omap_mux_decode(struct seq_file *s, u16 val)
 {
 	char *flags[OMAP_MUX_MAX_NR_FLAGS];
-	char mode[14];
+	char mode[15];
 	int i = -1;
 
 	sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);
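
Review bot: the new size in `char mode[15]` is still a hand-counted literal, the same kind of count that produced 14. Deriving the size from the format prefix, for example sizeof("OMAP_MUX_MODE") plus one byte for the digit, keeps the buffer and the string in step if the prefix is ever renamed.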


* Re: arch/arm/mach-omap2/mux.c: Off by one error
From: Joe Perches @ 2010-02-01 21:17 UTC
  To: Tony Lindgren; +Cc: d binderman, linux-kernel

On Mon, 2010-02-01 at 13:06 -0800, Tony Lindgren wrote:
> * d binderman <dcb314@hotmail.com> [100131 04:14]:
> > I just ran the sourceforge tool cppcheck over the source code of the
> > new Linux kernel 2.6.33-rc6
> > 
> > It said
> > 
> > [./arm/mach-omap2/mux.c:492]: (error) Buffer access out-of-bounds
> > 
> > The source code is
> > 
> >         char mode[14];
> >         int i = -1;
> > 
> >         sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);
> > 13 characters + 1 digit + 1 zero byte is more than 14 characters.
> > Suggest new code
> >         char mode[15];
> diff --git a/arch/arm/mach-omap2/mux.c b/arch/arm/mach-omap2/mux.c
> index 32764be..047aa57 100644
> --- a/arch/arm/mach-omap2/mux.c
> +++ b/arch/arm/mach-omap2/mux.c
> @@ -486,7 +486,7 @@ int __init omap_mux_init_signal(char *muxname, int val)
>  static inline void omap_mux_decode(struct seq_file *s, u16 val)
>  {
>  	char *flags[OMAP_MUX_MAX_NR_FLAGS];
> -	char mode[14];
> +	char mode[15];

Maybe:

	char mode[sizeof("OMAP_MUX_MODE") + 1];
or
	char mode[OMAP_MUX_DEFNAME_LEN];

with the #define moved up a bit?



* Re: arch/arm/mach-omap2/mux.c: Off by one error
From: Tony Lindgren @ 2010-02-01 22:05 UTC
  To: Joe Perches; +Cc: d binderman, linux-kernel

* Joe Perches <joe@perches.com> [100201 13:14]:
> On Mon, 2010-02-01 at 13:06 -0800, Tony Lindgren wrote:
> > * d binderman <dcb314@hotmail.com> [100131 04:14]:
> > > I just ran the sourceforge tool cppcheck over the source code of the
> > > new Linux kernel 2.6.33-rc6
> > > 
> > > It said
> > > 
> > > [./arm/mach-omap2/mux.c:492]: (error) Buffer access out-of-bounds
> > > 
> > > The source code is
> > > 
> > >         char mode[14];
> > >         int i = -1;
> > > 
> > >         sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);
> > > 13 characters + 1 digit + 1 zero byte is more than 14 characters.
> > > Suggest new code
> > >         char mode[15];
> > diff --git a/arch/arm/mach-omap2/mux.c b/arch/arm/mach-omap2/mux.c
> > index 32764be..047aa57 100644
> > --- a/arch/arm/mach-omap2/mux.c
> > +++ b/arch/arm/mach-omap2/mux.c
> > @@ -486,7 +486,7 @@ int __init omap_mux_init_signal(char *muxname, int val)
> >  static inline void omap_mux_decode(struct seq_file *s, u16 val)
> >  {
> >  	char *flags[OMAP_MUX_MAX_NR_FLAGS];
> > -	char mode[14];
> > +	char mode[15];
> 
> Maybe:
> 
> 	char mode[sizeof("OMAP_MUX_MODE") + 1];

Thanks, that makes it nicer. Updated patch below.

> or
> 	char mode[OMAP_MUX_DEFNAME_LEN];
> 
> with the #define moved up a bit?
> 

That's for the mux signal name, which is different from the mux mode.

But looking over that, it should eventually be done with strlen + kmalloc
if the signal names for mode0 start increasing for new omaps. So added a
comment there for now.

Regards,

Tony


From ec5041da8d158ed601f18d6efbd779bb6733eb37 Mon Sep 17 00:00:00 2001
From: Tony Lindgren <tony@atomide.com>
Date: Mon, 1 Feb 2010 13:03:42 -0800
Subject: [PATCH] omap: Fix arch/arm/mach-omap2/mux.c: Off by one error

David Binderman ran the sourceforge tool cppcheck over the source code of the
new Linux kernel 2.6.33-rc6:

[./arm/mach-omap2/mux.c:492]: (error) Buffer access out-of-bounds

13 characters + 1 digit + 1 zero byte is more than 14 characters.

Also add a comment on mode0 name length in case new omaps
start using longer names.

Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>

diff --git a/arch/arm/mach-omap2/mux.c b/arch/arm/mach-omap2/mux.c
index 32764be..6bfcbec 100644
--- a/arch/arm/mach-omap2/mux.c
+++ b/arch/arm/mach-omap2/mux.c
@@ -486,7 +486,7 @@ int __init omap_mux_init_signal(char *muxname, int val)
 static inline void omap_mux_decode(struct seq_file *s, u16 val)
 {
 	char *flags[OMAP_MUX_MAX_NR_FLAGS];
-	char mode[14];
+	char mode[sizeof("OMAP_MUX_MODE") + 1];
 	int i = -1;
 
 	sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);
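
Review bot: in `char mode[sizeof("OMAP_MUX_MODE") + 1]` the `+ 1` silently encodes that `val & 0x7` prints as a single digit, and the `sprintf` in the context line below is still unbounded. A short comment on what the `+ 1` is for, or switching the call to `snprintf(mode, sizeof(mode), ...)`, would keep the write inside the buffer if the mask or the format string ever changes.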
@@ -553,6 +553,7 @@ static int omap_mux_dbg_board_show(struct seq_file *s, void *unused)
 		if (!m0_name)
 			continue;
 
+		/* REVISIT: Needs to be updated if mode0 names get longer */
 		for (i = 0; i < OMAP_MUX_DEFNAME_LEN; i++) {
 			if (m0_name[i] == '\0') {
 				m0_def[i] = m0_name[i];
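
Review bot: the REVISIT comment above the `for` loop does not say what has to be updated or what happens to a name that is too long. The loop is bounded by OMAP_MUX_DEFNAME_LEN and, in the visible lines, the terminator is copied only when it is found inside that bound, so the comment should name OMAP_MUX_DEFNAME_LEN as the limit and state whether a longer mode0 name ends up truncated or unterminated.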
