Here is a list for 2.1.27. This is a kernel with everything compiled in,
"everything" meaning: everything that compiles at all. Especially in
drivers/net and drivers/isdn there is a lot of stuff that causes problems (and
some of those files include stdlib.h and stdio.h! Argh!)
c3c de4x5_ioctl
c2c ewrk3_ioctl
Better pray that no interrupts happen...
c0300873 <reorder+6f> subl %ecx,%esp
c030084c <reorder+48> subl %eax,%esp
c02e2d97 <reorder+6f> subl %ecx,%esp
c02e2d70 <reorder+48> subl %eax,%esp
c02661ea <DumpData+1e> subl %eax,%esp
c01bc0ef <ncp_rename+3b> subl %eax,%esp
c01bc0d8 <ncp_rename+24> subl %eax,%esp
c01bbf71 <ncp_unlink+21> subl %eax,%esp
c01bbe0d <ncp_rmdir+21> subl %eax,%esp
c01bbc86 <ncp_mkdir+2a> subl %eax,%esp
c01bba53 <ncp_create+27> subl %eax,%esp
c01bb4dc <ncp_lookup+34> subl %eax,%esp
c01a8925 <nfs_lookup+2d> subl %eax,%esp
Someone might want to have a look at the ncp_* functions; I checked one and
it didn't seem to do any size checks.
a64 cdromread
5b4 isdn_set_allcfg
5b4 UMSDOS_ioctl_dir
590 huft_build
514 inflate_dynamic
510 aic7xxx_isr
490 inflate_fixed
448 smb_proc_readdir_long
440 smb_proc_setattr_trans2
424 smb_proc_getattr_trans2
41c aic7xxx_reset_device
418 root_nfs_name
418 pcbit_writecmd
410 ncp_trigger_message
40c isdn_tty_senddown
3e0 isdn_tty_end_vrx
360 wavelan_ioctl
350 isdn_ioctl
328 vfat_find
2f8 wv_hw_reset
2dc elf_core_dump
28c rd_load_image
280 BusLogic_InitializeAddressProbeList
270 eata2x_detect
26c umsdos_find
250 umsdos_rename_f
24c block_write
248 umsdos_readdir_x
240 block_read
240 UMSDOS_unlink
22c umsdos_lookup_x
22c BusLogic_DetectHostAdapter
224 UMSDOS_link
218 fdomain_16x0_biosparam
218 cdrom_read_intr
20c xd_seagate_init_drive
208 xd_wd_init_drive
200 scsi_make_blocked_list
200 print_selftest
200 mcdx_open
200 eata_pio_detect
200 eata_detect
200 cdrom_buffer_sectors
(offenders between 100 and 200 deleted for brevity)
Bernd
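
The list above has two kinds of entry: a fixed frame size per function, and `subl %reg,%esp` sites where the stack grows by a run-time value. Both can be pulled out of a disassembly listing mechanically. The following is an added example, not part of the original post and not the tool used to produce it; the `$0x...` lines, their addresses and `small_fn` are constructed sample input, and the default threshold of 0x200 is an assumption taken from where the list stops.

```python
import re
from collections import defaultdict

# addr <symbol+offset> subl OPERAND,%esp   (AT&T syntax, as in the list above)
LINE = re.compile(
    r"^(?P<addr>[0-9a-f]+)\s+<(?P<sym>[^+>]+)(?:\+[0-9a-f]+)?>\s+"
    r"subl\s+(?P<src>\$0x[0-9a-f]+|\$\d+|%\w+),%esp\s*$"
)

def scan(lines, threshold=0x200):
    """Return (fixed, dynamic). fixed is [(size, symbol)] for constant
    frames >= threshold, largest first. dynamic maps symbol -> [address]
    for register-sized adjustments (alloca-style, size known only at run time)."""
    fixed, dynamic = {}, defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a stack-pointer subtraction
        sym, src = m["sym"], m["src"]
        if src.startswith("$"):
            size = int(src[1:], 0)
            if size >= threshold:
                fixed[sym] = max(size, fixed.get(sym, 0))
        else:
            # Size comes from a register: needs a manual check that the
            # value is bounded before it reaches this instruction.
            dynamic[sym].append(m["addr"])
    ranked = sorted(((s, f) for f, s in fixed.items()), reverse=True)
    return ranked, dict(dynamic)

# First three lines are from the list above; the rest are constructed.
SAMPLE = """\
c01bc0d8 <ncp_rename+24> subl %eax,%esp
c01bc0ef <ncp_rename+3b> subl %eax,%esp
c01a8925 <nfs_lookup+2d> subl %eax,%esp
c0150003 <cdromread+3> subl $0xa64,%esp
c0160003 <block_read+3> subl $0x240,%esp
c0170003 <small_fn+3> subl $0x18,%esp
c0170010 <small_fn+10> movl %eax,%ebx
"""

if __name__ == "__main__":
    fixed, dynamic = scan(SAMPLE.splitlines())
    for size, sym in fixed:
        print(f"{size:x} {sym}")
    for sym, addrs in dynamic.items():
        print(f"dynamic: {sym} at {', '.join(addrs)}")
```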