From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753461AbcEIWoN (ORCPT <rfc822;w@1wt.eu>);
	Mon, 9 May 2016 18:44:13 -0400
Received: from domu-toccata.ens-lyon.fr ([140.77.166.138]:46022 "EHLO
	sonata.ens-lyon.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753299AbcEIWoM (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 9 May 2016 18:44:12 -0400
Date: Tue, 10 May 2016 00:44:02 +0200
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
To: Colin King <colin.king@canonical.com>
Cc: William Hubbs <w.d.hubbs@gmail.com>,
        Chris Brannon <chris@the-brannons.com>, Kirk Reiser <kirk@reisers.ca>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Amitoj Kaur Chawla <amitoj1606@gmail.com>, speakup@linux-speakup.org,
        devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] staging: speakup: ensure we do not overrun synths array
Message-ID: <20160509224402.GV3473@var.home>
Mail-Followup-To: Samuel Thibault <samuel.thibault@ens-lyon.org>,
	Colin King <colin.king@canonical.com>,
	William Hubbs <w.d.hubbs@gmail.com>,
	Chris Brannon <chris@the-brannons.com>,
	Kirk Reiser <kirk@reisers.ca>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Amitoj Kaur Chawla <amitoj1606@gmail.com>,
	speakup@linux-speakup.org, devel@driverdev.osuosl.org,
	linux-kernel@vger.kernel.org
References: <1462832534-11128-1-git-send-email-colin.king@canonical.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1462832534-11128-1-git-send-email-colin.king@canonical.com>
User-Agent: Mutt/1.5.21+34 (58baf7c9f32f) (2010-12-30)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Colin King, on Mon 09 May 2016 23:22:14 +0100, wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> synth_add allows one to add MAXSYNTHS synths to the synths array;
> however it always NULLifies the next synth in the array which
> means that on the MAXSYNTHS synth we get an out-of-bounds write of
> the NULL to the synths array.  Make the synths array MAXSYNTHS + 1
> elements in size to allow for the final NULL sentinal to avoid the
> out-of-bounds write.
> 
> Issue found wit CoverityScan, CID#744671
> 
> Signed-off-by: Colin Ian King <colin.king@canonical.com>

Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>

> ---
>  drivers/staging/speakup/synth.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/speakup/synth.c b/drivers/staging/speakup/synth.c
> index 4f462c3..810a214 100644
> --- a/drivers/staging/speakup/synth.c
> +++ b/drivers/staging/speakup/synth.c
> @@ -18,7 +18,7 @@
>  #include "serialio.h"
>  
>  #define MAXSYNTHS       16      /* Max number of synths in array. */
> -static struct spk_synth *synths[MAXSYNTHS];
> +static struct spk_synth *synths[MAXSYNTHS + 1];
>  struct spk_synth *synth;
>  char spk_pitch_buff[32] = "";
>  static int module_status;
> -- 
> 2.8.1
> 

-- 
Samuel
Actually, typing random strings in the Finder does the equivalent of
filename completion.
(Discussion in comp.os.linux.misc on the intuitiveness of commands: file
completion vs. the Mac Finder.)