Re: [CHECKER] 74 potential buffer overruns in 2.5.33

From: Jens Axboe (axboe@suse.de)
Date: Wed Nov 20 2002 - 02:50:48 EST


On Tue, Nov 19 2002, Andy Chou wrote:
> Here are 74 out-of-bounds array accesses in Linux 2.5.33 found by the

Ewwww, why so old??

> [BUG] Seems bad.
> /home/acc/linux/2.5.33/drivers/block/ll_rw_blk.c:556:blk_dump_rq_flags:
> ERROR:BUFFER:556:556:Array bounds error: rq_flags[12] indexed with [12]
>
> printk("%s: dev %02x:%02x: ", msg, major(rq->rq_dev),
> minor(rq->rq_dev));
> bit = 0;
> do {
> if (rq->flags & (1 << bit))
>
> Error --->
> printk("%s ", rq_flags[bit]);
> bit++;
> } while (bit < __REQ_NR_BITS);

This was due to someone adding and removing __REQ_* flags and not
changing blk_dump_rq_flags(). 2.5.48 has no such bug anymore, I fixed
this up long ago.

-- 
Jens Axboe

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sat Nov 23 2002 - 22:00:31 EST