Re: [Patch] Off by one in drivers/usb/input/yealink.c
From: Randy.Dunlap
Date: Tue Jun 27 2006 - 19:14:13 EST
On Wed, 28 Jun 2006 01:04:16 +0200 Eric Sesterhenn / Snakebyte wrote:
> * Randy.Dunlap (rdunlap@xxxxxxxxxxxx) wrote:
> > On Wed, 28 Jun 2006 00:41:19 +0200 Eric Sesterhenn wrote:
> >
> > > another off by one spotted by coverity (id #485),
> > > we loop exactly one time too often
> > >
> > > --- linux-2.6.17-git11/drivers/usb/input/yealink.c.orig 2006-06-28 00:29:46.000000000 +0200
> > > +++ linux-2.6.17-git11/drivers/usb/input/yealink.c 2006-06-28 00:30:04.000000000 +0200
> > > @@ -350,7 +350,7 @@ static int yealink_do_idle_tasks(struct
> > > val = yld->master.b[ix];
> > > if (val != yld->copy.b[ix])
> > > goto send_update;
> > > - } while (++ix < sizeof(yld->master));
> > > + } while (++ix < sizeof(yld->master)-1);
> > >
> > > /* nothing todo, wait a bit and poll for a KEYPRESS */
> > > yld->stat_ix = 0;
> >
> > FWIW, on this one and the previous floppy.c patch,
> > I would rather see the comparison be <= instead of using -1.
>
> maybe it is too late, but wouldnt the <= make the loop
> run even more iterations, like (++ix < sizeof() + 1)
:) Yep.
so for the floppy.c patch, I still prefer to see:
+ if (drive < 0 || drive >= N_DRIVE) {
instead of
+ if (drive < 0 || drive > N_DRIVE-1) {
Does that make sense?
---
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/