[Patch] Overrun in drivers/input/joystick/db9.c

From: Eric Sesterhenn
Date: Tue Jun 27 2006 - 18:16:29 EST

Next message: Dave Hansen: "[PATCH 15/20] elevate write count for do_sys_utime() and touch_atime()"
Previous message: Dave Hansen: "[PATCH 13/20] elevate writer count for do_sys_truncate()"
Next in thread: Dmitry Torokhov: "Re: [Patch] Overrun in drivers/input/joystick/db9.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hi,

coverity spotted this overrun (#id 483), we assign
db9_mode = &db9_modes[mode]; some lines before, so
if we use mode as index again we might get past the
array once mode is greater than DB9_MAX_PAD/2,
besides this this patch changes the code to what
the author possibly intended it to do.

Signed-off-by: Eric Sesterhenn <snakebyte@xxxxxx>

--- linux-2.6.17-git11/drivers/input/joystick/db9.c.orig 2006-06-28 00:06:47.000000000 +0200
+++ linux-2.6.17-git11/drivers/input/joystick/db9.c 2006-06-28 00:08:32.000000000 +0200
@@ -584,7 +584,7 @@ static struct db9 __init *db9_probe(int
goto err_out;
}

- if (db9_mode[mode].bidirectional && !(pp->modes & PARPORT_MODE_TRISTATE)) {
+ if (db9_mode->bidirectional && !(pp->modes & PARPORT_MODE_TRISTATE)) {
printk(KERN_ERR "db9.c: specified parport is not bidirectional\n");
err = -EINVAL;
goto err_put_pp;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dave Hansen: "[PATCH 15/20] elevate write count for do_sys_utime() and touch_atime()"
Previous message: Dave Hansen: "[PATCH 13/20] elevate writer count for do_sys_truncate()"
Next in thread: Dmitry Torokhov: "Re: [Patch] Overrun in drivers/input/joystick/db9.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]