Re: [CHECKER] 87 potential array bounds error/buffer overruns in 2.5.53

• Next message: Ben Greear: "Re: [PATCH] 8021q memory leak"
• Previous message: Manfred Spraul: "Re: frlock and barrier discussion"
• In reply to: Yichen Xie: "[CHECKER] 87 potential array bounds error/buffer overruns in 2.5.53"
• Next in thread: Andreas Henriksson: "Re: [CHECKER] 87 potential array bounds error/buffer overruns in 2.5.53"
• Reply: Andreas Henriksson: "Re: [CHECKER] 87 potential array bounds error/buffer overruns in 2.5.53"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

URL for original email:
  http://www.lkml.org/archive/2003/1/26/98/index.html

| Attached are 87 potential buffer overruns in 2.5.53. Most arise from
| improper bounds checks, and some might be security holes where the array
| index comes from an untrusted source (e.g. copy_from_user). In the bug
| report, "len" refers to the length of the array or buffer being
| accessed, and "off" refers to the offset/index that is being used to
| access it. (off >= len) corresponds to a buffer overrun, while (off < 0)
| signals an underrun.

Here is a summary report of patches for these reported problems.
I suggest that we ask the kernel-janitors project to try to
finish this off.

---------------------------------------------------------

# Summary for
# buffer-specific errors = 87
# /dev/null-specific errors = 0
# Common errors = 0
# Total = 87
# BUGs | File Name

These reported errors are fixed (pending, not merged):
1 | /scsi/aic79xx_pci.c
1 | /input/sunkbd.c
9 | /scsi/aachba.c
4 | /i386/numa.c
3 | /drivers/DAC960.c
3 | /drivers/ibmphp_pci.c
2 | /net/qos.c
2 | /hardware/diva.c
2 | /ftape/ftape-read.c
1 | /drivers/dpt_i2o.c
1 | /drivers/cciss.c
1 | /message/i2o_core.c
1 | /char/rioroute.c
1 | /net/af_bluetooth.c
1 | /drivers/cpqphp_pci.c
1 | /net/scc.c
1 | /sound/dev_table.c
2 | /drivers/specialix.c
1 | /dvb/av7110.c
1 | /media/bttv-cards.c
1 | /drivers/ll_rw_blk.c
1 | /net/rtnetlink.c
1 | /net/orinoco.c
1 | /drivers/riscom8.c
1 | /drivers/i82092.c
1 | /net/smc-ircc.c
1 | /fs/devfs/base.c
1 | /drivers/cpqfcTSworker.c
1 | /drivers/3c59x.c
1 | /drivers/sx.c

These (potential) reported errors are unfixed:
1 | /char/riocmd.c
1 | /char/rioboot.c
1 | /sound/sb_card.c
3 | /video/init301.c
1 | /video/sis_main.c
1 | /video/sis/init.c
1 | /message/mptbase.c
1 | /isdn/isdn_common.c
1 | /hardware/os_4bri.c
2 | /net/skxmac2.c
2 | /drivers/psi240i.c
2 | /drivers/eexpress.c
3 | /message/i2o_block.c
2 | /drivers/tg3.c
1 | /net/3c359.c
1 | /drivers/qlogicfc.c
1 | /media/msp3400.c
1 | /drivers/cdrom.c
1 | /media/radio-terratec.c
1 | /fs/cifssmb.c
1 | /ide/siimage.c

These reported problems aren't errors:
1 | /usb/ohci-hub.c
1 | /drivers/ide-probe.c
5 | /char/i2cmd.c
1 | /fs/xfs_bmap_btree.c

These are already changed/modified/different from the reported problems.
1 | /cpu/powernow-k6.c

###

-- 
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

• Next message: Ben Greear: "Re: [PATCH] 8021q memory leak"
• Previous message: Manfred Spraul: "Re: frlock and barrier discussion"
• In reply to: Yichen Xie: "[CHECKER] 87 potential array bounds error/buffer overruns in 2.5.53"
• Next in thread: Andreas Henriksson: "Re: [CHECKER] 87 potential array bounds error/buffer overruns in 2.5.53"
• Reply: Andreas Henriksson: "Re: [CHECKER] 87 potential array bounds error/buffer overruns in 2.5.53"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Jan 31 2003 - 22:00:24 EST