[PATCH 4/5] staging/slicoss: Fix buffer possible overflow in slic_card_locate
From: Peter Huewe
Date: Mon Feb 18 2013 - 23:14:51 EST
smatch complains about a possible buffer overflow
slicoss.c:3651 slic_card_locate() error: buffer overflow
'physcard->adapter' 4 <= 4
If the for loop is not exited prematurely i++ is executed after the last
iteration and thus i can be 4, which is out of bounds for
physcard->adapter.
-> Add check for this condition and simplify the if statement by
inverting the condition.
Signed-off-by: Peter Huewe <peterhuewe@xxxxxx>
---
drivers/staging/slicoss/slicoss.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/slicoss/slicoss.c b/drivers/staging/slicoss/slicoss.c
index fc08585..48056bf 100644
--- a/drivers/staging/slicoss/slicoss.c
+++ b/drivers/staging/slicoss/slicoss.c
@@ -3643,11 +3643,12 @@ static u32 slic_card_locate(struct adapter *adapter)
while (physcard) {
for (i = 0; i < SLIC_MAX_PORTS; i++) {
- if (!physcard->adapter[i])
- continue;
- else
+ if (physcard->adapter[i])
break;
}
+ if (i == SLIC_MAX_PORTS)
+ break;
+
if (physcard->adapter[i]->slotnumber == adapter->slotnumber)
break;
physcard = physcard->next;
--
1.7.8.6
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/