[Patch] Off by one in drivers/block/floppy.c

From: Eric Sesterhenn
Date: Tue Jun 27 2006 - 17:56:23 EST

Next message: hawkes: "[PATCH] ia64: change usermode HZ to 250"
Previous message: Andrew Morton: "Re: [PATCH 3/6] EDAC mc numbers refactor 2-of-2"
Next in thread: Pete Zaitcev: "Re: [Patch] Off by one in drivers/block/floppy.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hi,

another bug spotted by coverity (id #481).
In the case that drive == N_DRIVE we acess past the
drive_params array which is defined as
drive_params[N_DRIVE]. By using the UDP define
in the else case because UDP is &drive_params[drive]

Signed-off-by: Eric Sesterhenn <snakebyte@xxxxxx>

--- linux-2.6.17-git11/drivers/block/floppy.c.orig 2006-06-27 23:49:22.000000000 +0200
+++ linux-2.6.17-git11/drivers/block/floppy.c 2006-06-27 23:49:40.000000000 +0200
@@ -684,7 +684,7 @@ static void __reschedule_timeout(int dri
if (drive == current_reqD)
drive = current_drive;
del_timer(&fd_timeout);
- if (drive < 0 || drive > N_DRIVE) {
+ if (drive < 0 || drive > N_DRIVE-1) {
fd_timeout.expires = jiffies + 20UL * HZ;
drive = 0;
} else

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: hawkes: "[PATCH] ia64: change usermode HZ to 250"
Previous message: Andrew Morton: "Re: [PATCH 3/6] EDAC mc numbers refactor 2-of-2"
Next in thread: Pete Zaitcev: "Re: [Patch] Off by one in drivers/block/floppy.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]