Re: [lm-sensors] drivers/hwmon/lm93.c: array overruns

From: Hans-Jürgen Koch
Date: Tue Jul 24 2007 - 04:27:27 EST


On Tuesday 24 July 2007 10:10, Jean Delvare wrote:
> Hi Hans,
>
> On Mon, 23 Jul 2007 09:36:57 +0200, Hans-Jürgen Koch wrote:
> > On Monday 23 July 2007 02:54, Adrian Bunk wrote:
> > > The Coverity checker spotted the following array overruns
> > > in drivers/hwmon/lm93.c:
> > >
> > > <-- snip -->
> > >
> > > ...
> > > struct lm93_data {
> > > ...
> > > struct {
> > > u8 min;
> > > u8 max;
> > > } temp_lim[3];
> > > ...
> > > };
> > > ...
> > > static void lm93_update_client_common(struct lm93_data *data,
> > > struct i2c_client *client)
> > > {
> > > ...
> > > for (i = 0; i < 4; i++) {
> > > data->temp_lim[i].min =
> > > lm93_read_byte(client, LM93_REG_TEMP_MIN(i));
> > > data->temp_lim[i].max =
> > > lm93_read_byte(client, LM93_REG_TEMP_MAX(i));
> > > }
> > > ...
> > >
> > > <-- snip -->
> >
> > This patch should fix it. Thanks a lot, Adrian!
> >
> > ----
> > This fixes an array overflow bug. We have 4 pairs of min/max temperature
> > limits, not 3.
> >
> > Signed-off-by: Hans J. Koch <hjk@xxxxxxxxxxxxx>
> >
> > --
> > Index: linux-2.6.23-rc/drivers/hwmon/lm93.c
> > ===================================================================
> > --- linux-2.6.23-rc.orig/drivers/hwmon/lm93.c 2007-07-23 09:22:56.000000000 +0200
> > +++ linux-2.6.23-rc/drivers/hwmon/lm93.c 2007-07-23 09:29:37.000000000 +0200
> > @@ -234,7 +234,7 @@
> > struct {
> > u8 min;
> > u8 max;
> > - } temp_lim[3];
> > + } temp_lim[4];
> >
> > /* vin1 - vin16: low and high limits */
> > struct {
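
Review bot: The new size in `} temp_lim[4];` is a bare literal that has to stay in step with the separate literal in `for (i = 0; i < 4; i++)` in lm93_update_client_common(), which is the same mismatch that produced the overrun in the first place. Consider bounding that loop with ARRAY_SIZE(data->temp_lim), or sharing one named constant between the declaration and the loop, so the two cannot diverge again. A short comment above the member saying what the four limit pairs cover would also help, since the commit message is the only place that states there are four.
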
>
> This will do as a quick fix, so:
>
> Acked-by: Jean Delvare <khali@xxxxxxxxxxxx>
>
> However, I see that temp4 (which isn't a real temperature channel) is
> not exposed in sysfs. Reading and storing register values you never use
> doesn't seem particularly interesting, so something needs to be done
> here: either drop support for temp4 entirely, or expose the temp4
> values in sysfs.

I've got that on my TODO list. I'll soon work on that driver again. I'm still
waiting for that #§$?& NDA-covered datasheet of the LM94. As soon as I've got
that, I need to review all these values anyway because there might be subtle
differences between LM93 and LM94.
For the moment, I'd like to postpone the decision about what to do with temp4.

Thanks anyway for pointing this out.

Hans
