lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Oct 2007 08:15:56 -0700 From: "Keshavamurthy, Anil S" <anil.s.keshavamurthy@...el.com> To: Takashi Iwai <tiwai@...e.de> Cc: mgross@...ux.intel.com, linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org, anil.s.keshavamurthy@...el.com Subject: Re: [PATCH] intel-iommu: Fix array overflow On Thu, Oct 25, 2007 at 09:31:02AM +0200, Takashi Iwai wrote: > At Wed, 24 Oct 2007 16:30:37 -0700, > Mark Gross wrote: > > > > On Tue, Oct 23, 2007 at 10:57:51AM +0200, Takashi Iwai wrote: > > > Fix possible array overflow: > > > > > > drivers/pci/intel-iommu.c: In function ‘dmar_get_fault_reason’: > > > drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds > > > drivers/pci/intel-iommu.c: In function ‘iommu_page_fault’: > > > drivers/pci/intel-iommu.c:753: warning: array subscript is above array bounds > > > > > > Signed-off-by: Takashi Iwai <tiwai@...e.de> > > > > > > --- > > > drivers/pci/intel-iommu.c | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c > > > index b3d7031..e4b0a0d 100644 > > > --- a/drivers/pci/intel-iommu.c > > > +++ b/drivers/pci/intel-iommu.c > > > @@ -749,8 +749,8 @@ static char *fault_reason_strings[] = > > > > > > char *dmar_get_fault_reason(u8 fault_reason) > > > { > > > - if (fault_reason > MAX_FAULT_REASON_IDX) > > > - return fault_reason_strings[MAX_FAULT_REASON_IDX]; > > > + if (fault_reason >= MAX_FAULT_REASON_IDX) > > > + return fault_reason_strings[MAX_FAULT_REASON_IDX - 1]; > > > > This looks like what the code meant to implement. > > I think not. The size of fault_reason_strings[] is > MAX_FAULT_REASON_IDX, not + 1. So gcc warning is correct. > Maybe the main problem is that the constant name is confusing... Yup, GCC warning is correct. the size of fault_reason_strings[] is MAX_FAULT_REASON_IDX and hence the max array that can be referenced is [MAX_FAULT_REASON_IDX -1], hence the fix by Takashi is correct. -Anil - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists