lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 7 Feb 2008 11:15:20 -0800
From:	Jesse Barnes <jesse.barnes@...el.com>
To:	Jens Axboe <jens.axboe@...cle.com>
Cc:	linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org
Subject: Re: out-of-bounds array index

On Thursday, February 07, 2008 10:56 am Jens Axboe wrote:
> Hi,
>
> Just saw this from gcc:
>
> drivers/char/drm/i915_drv.c: In function ?i915_suspend?:
> drivers/char/drm/i915_drv.c:173: warning: array subscript is above array
> bounds
>   CC [M]  drivers/char/drm/i915_dma.o
> drivers/char/drm/i915_drv.c: In function ?i915_resume?:
> drivers/char/drm/i915_drv.c:220: warning: array subscript is above array
> bounds
>
> It's this code:
>
>         dev_priv->saveGR[0x18] =
>                 i915_read_indexed(VGA_GR_INDEX, VGA_GR_DATA, 0x18);
>
> which looks legit, since saveGR is
>
>         u8 saveGR[24];
>
> It has been introduced by commit
> ba8bbcf6ff4650712f64c0ef61139c73898e2165, which seems to be you Jesse.

Just a silly off by one, don't know why I didn't catch it earlier.  I'll push 
the fix to the drm tree.  Linus, you may want to take it in parallel.

Jesse

Make sure we have enough room for all the GR registers or we'll end up 
clobbering the AR index register (which should actually be harmless unless 
the BIOS is making an assumption about it).

Signed-off-by:  Jesse Barnes <jesse.barnes@...el.com>

diff --git a/drivers/char/drm/i915_drv.h b/drivers/char/drm/i915_drv.h
index 37bbf67..f8308bf 100644
--- a/drivers/char/drm/i915_drv.h
+++ b/drivers/char/drm/i915_drv.h
@@ -187,7 +187,7 @@ typedef struct drm_i915_private {
 	u32 saveSWF2[3];
 	u8 saveMSR;
 	u8 saveSR[8];
-	u8 saveGR[24];
+	u8 saveGR[25];
 	u8 saveAR_INDEX;
 	u8 saveAR[20];
 	u8 saveDACMASK;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ