Re: drivers/net/chelsio/sge.c: two array overflows

[Scott Bardone]

Thanks Pete,

This is correct, the array should contain 3 elements. The bug was we were 
accessing a 4th element ([3]) which did not exist. We should be modifying the 
last element ([2]) instead.

-Scott

Hans-Peter Jansen wrote:
> [from the nitpick department..]
>
> Hi Jeff, hi Scott,
>
> Adrian wrote:
>
> > The Coverity checker spotted the following two array overflows in 
> > drivers/net/chelsio/sge.c (in both cases, the arrays contain 3 
> > elements):
>
>
> Am Freitag, 17. März 2006 01:21 schrieb Jeff Garzik:
>
> > Scott Bardone wrote:
> >
> > > Adrian,
> > >
> > > This is a bug. The array should contain 2 elements.
> > >
> > > Attached is a patch which fixes it.
> > > Thanks.
> > >
> > > Signed-off-by: Scott Bardone <sbardone@xxxxxxxxxxx>
> >
> > applied.  please avoid attachments and use a proper patch description
> > in the future.  I had to hand-edit and hand-apply your patch.
>
>
> where you wrote in kernel tree commit 
> 347a444e687b5f8cf0f6485704db1c6024d3:
> This is a bug. The array should contain 2 elements.  Here is the fix.
>
> If I'm not completely off the track, you both committed a description 
> off by one error: since the patch doesn't change the array size, it's 
> presumely¹ still 3 elements, where index 2 references the last one.
>
> Here's hopefully a better patch description:
> Fixed off by one thinko in stats accounting, spotted by Coverity 
> checker, notified by Adrian "The Cleanman" Bunk.
>
> SCR,
> Pete
>
> ¹) otherwise, it's still off by one..
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/