[PATCH] freescale: beyond ARRAY_SIZE of fdev->chan

Li Yang leoli at freescale.com
Fri May 22 18:03:26 EST 2009


On Wed, May 20, 2009 at 7:17 AM, Roel Kluin <roel.kluin at gmail.com> wrote:
> Do not go beyond ARRAY_SIZE of fdev->chan
>
> Signed-off-by: Roel Kluin <roel.kluin at gmail.com>

Indeed, thanks.

But I would like the title and description of this patch be changed to
like this:

fsldma: fix check on potential fdev->chan[] overflow

Fix the check of potential array overflow when using corrupted channel
device tree nodes.

> ---
> diff --git a/drivers/dma/fsldma.c b/drivers/dma/fsldma.c
> index da8a8ed..391b1bd 100644
> --- a/drivers/dma/fsldma.c
> +++ b/drivers/dma/fsldma.c
> @@ -830,7 +830,7 @@ static int __devinit fsl_dma_chan_probe(struct fsl_dma_device *fdev,
>                        new_fsl_chan->reg.end - new_fsl_chan->reg.start + 1);
>
>        new_fsl_chan->id = ((new_fsl_chan->reg.start - 0x100) & 0xfff) >> 7;
> -       if (new_fsl_chan->id > FSL_DMA_MAX_CHANS_PER_DEVICE) {
> +       if (new_fsl_chan->id >= FSL_DMA_MAX_CHANS_PER_DEVICE) {
>                dev_err(fdev->dev, "There is no %d channel!\n",
>                                new_fsl_chan->id);
>                err = -EINVAL;



More information about the Linuxppc-dev mailing list