* [Qemu-devel] [PATCH] fat_chksum(): fix access above array bounds @ 2010-08-21 22:47 Loïc Minier 2010-08-23 14:42 ` Kevin Wolf 0 siblings, 1 reply; 3+ messages in thread From: Loïc Minier @ 2010-08-21 22:47 UTC (permalink / raw) To: qemu-devel; +Cc: Loïc Minier Signed-off-by: Loïc Minier <loic.minier@linaro.org> --- block/vvfat.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/block/vvfat.c b/block/vvfat.c index 6d61c2e..365332a 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -512,7 +512,7 @@ static inline uint8_t fat_chksum(const direntry_t* entry) for(i=0;i<11;i++) { unsigned char c; - c = (i <= 8) ? entry->name[i] : entry->extension[i-8]; + c = (i < 8) ? entry->name[i] : entry->extension[i-8]; chksum=(((chksum&0xfe)>>1)|((chksum&0x01)?0x80:0)) + c; } -- 1.7.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
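Review bot: the commit message carries only a subject and a Signed-off-by, so it does not say which access went out of bounds or whether the checksum value changes. In the changed line, the old condition `(i <= 8)` selected `entry->name[8]` at i == 8, while the new `(i < 8)` selects `entry->extension[0]` there. Please add a sentence stating that, along with the compiler diagnostic that reported it if there is one. As a follow-up in the same loop, the literals 8 and 11 encode the field lengths by hand, which makes an off-by-one like this easy to miss. Deriving the bound from `sizeof(entry->name)`, or using one loop per field, would keep the index check tied to the array it guards.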
* Re: [Qemu-devel] [PATCH] fat_chksum(): fix access above array bounds
From: Kevin Wolf @ 2010-08-23 14:42 UTC
To: Loïc Minier; +Cc: qemu-devel

On 22.08.2010 00:47, Loïc Minier wrote:
> Signed-off-by: Loïc Minier <loic.minier@linaro.org>

Thanks, applied to the block patch.

How did you find this one? From a quick look it seems that the pattern
that name is intentionally overflowed to access extension is still there
in some places. So if this caused some real bug, I think we'll have to
fix the other ones, too.

Kevin
* Re: [Qemu-devel] [PATCH] fat_chksum(): fix access above array bounds
From: Loïc Minier @ 2010-08-23 14:56 UTC
To: Kevin Wolf; +Cc: qemu-devel

On Mon, Aug 23, 2010, Kevin Wolf wrote:
> How did you find this one? From a quick look it seems that the pattern
> that name is intentionally overflowed to access extension is still there
> in some places. So if this caused some real bug, I think we'll have to
> fix the other ones, too.

Compiler found that one
http://launchpadlibrarian.net/54142111/buildlog_ubuntu-maverick-armel.qemu-maemo_0.0~20100806%2Bd7a5eb1-0ubuntu1~linaro2_FAILEDTOBUILD.txt.gz
but I didn't quote it because I'm at a loss as to why it detected it now
and on armel only.

I think I just got one accidental build on a modern gcc-4.4 tree because
of the timing of my copy of the packages. I guess I should build them
more regularly under a recent gcc.

--
Loïc Minier