| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Feb 2009 21:27:55 +0100
From: Jarek Poplawski <jarkao2@...il.com>
To: Roel Kluin <roel.kluin@...il.com>
Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] net: off by one, try #2
On Wed, Feb 11, 2009 at 08:33:25PM +0100, Roel Kluin wrote:
> Jarek Poplawski wrote:
> > On Wed, Feb 11, 2009 at 03:22:52PM +0100, Roel Kluin wrote:
> >>>> With while (x++ < n) { ... } x can reach n+1.
> >>> Yes, but it looks like here is even more...
> >>> i is also misused here and array can be overriden, so additional
> >>> break/return is needed.
> >> Thanks, is this how it should be?
> >
> > It looks (almost) OK to me. :-) Except this > 80 line.
> >
> > On the other hand, I wonder if it's not a good time to make it more
> > readable; I mean the first while (): length, ";", and maybe ++j
> > similarly to i now?
> >
> > BTW, I hope you remember about irda.
> >
> > Jarek P.
>
> Thanks again for reviewing, how's this? with irda this time.
Hmm... except one bug: "stat & ..." needs "()"...
Roel, please resend once more, but separated: something could go to
stable, but not necessarily together. And add more description,
especially to this 3c505 (here is more changes than 'while (x++ < n)').
Anyway, I hope David will like these "off by one" patches again,
especially after this, and sun3lance one. Good catches!
Cheers,
Jarek P.
> -------------------->8----------------8<-----------------------
>
> With while (x++ < n) { ... } x can reach n+1. As Jarek Poplawski pointed out, array
> pcb->data.raw was not correctly used.
>
> Signed-off-by: Roel Kluin <roel.kluin@...il.com>
> ---
> diff --git a/drivers/net/3c505.c b/drivers/net/3c505.c
> index 6124605..4ade64a 100644
> --- a/drivers/net/3c505.c
> +++ b/drivers/net/3c505.c
> @@ -493,15 +493,21 @@ static bool receive_pcb(struct net_device *dev, pcb_struct * pcb)
> }
> /* read the data */
> spin_lock_irqsave(&adapter->lock, flags);
> - i = 0;
> - do {
> - j = 0;
> - while (((stat = get_status(dev->base_addr)) & ACRF) == 0 && j++ < 20000);
> - pcb->data.raw[i++] = inb_command(dev->base_addr);
> - if (i > MAX_PCB_DATA)
> - INVALID_PCB_MSG(i);
> - } while ((stat & ASF_PCB_MASK) != ASF_PCB_END && j < 20000);
> + for (i = 0; i < MAX_PCB_DATA; i++) {
> + for (j = 0; j < 20000; j++) {
> + stat = get_status(dev->base_addr);
> + if (stat & ACRF)
> + break;
> + }
> + pcb->data.raw[i] = inb_command(dev->base_addr);
> + if (stat & ASF_PCB_MASK == ASF_PCB_END || j >= 20000)
> + break;
> + }
> spin_unlock_irqrestore(&adapter->lock, flags);
> + if (i >= MAX_PCB_DATA) {
> + INVALID_PCB_MSG(i);
> + return false;
> + }
> if (j >= 20000) {
> TIMEOUT_MSG(__LINE__);
> return false;
> diff --git a/drivers/net/irda/mcs7780.c b/drivers/net/irda/mcs7780.c
> index 7eafdca..85e88da 100644
> --- a/drivers/net/irda/mcs7780.c
> +++ b/drivers/net/irda/mcs7780.c
> @@ -585,7 +585,7 @@ static int mcs_speed_change(struct mcs_cb *mcs)
> mcs_get_reg(mcs, MCS_RESV_REG, &rval);
> } while(cnt++ < 100 && (rval & MCS_IRINTX));
>
> - if(cnt >= 100) {
> + if (cnt > 100) {
> IRDA_ERROR("unable to change speed\n");
> ret = -EIO;
> goto error;
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists