[bug report] Linux-2.6.12-rc2
Dan Carpenter
dan.carpenter at oracle.com
Fri Jul 15 08:22:24 AEST 2016
Hi PPC Devs,

The patch 1da177e4c3f4: "Linux-2.6.12-rc2" from Apr 16, 2005, leads
to the following static checker warning:

	arch/powerpc/sysdev/ipic.c:783 ipic_set_priority()
	error: buffer overflow 'ipic_info' 95 <= 127

arch/powerpc/sysdev/ipic.c
    36  static struct ipic_info ipic_info[] = {
    37          [1] = {
    38                  .mask = IPIC_SIMSR_H,
    39                  .prio = IPIC_SIPRR_C,
    40                  .force = IPIC_SIFCR_H,
    41                  .bit = 16,
    42                  .prio_mask = 0,
    43          },

[ huge 95 element array snipped ]

   500          [94] = {
   501                  .mask = IPIC_SIMSR_L,
   502                  .prio = 0,
   503                  .force = IPIC_SIFCR_L,
   504                  .bit = 30,
   505          },
   506  };

[ more code snipped ]

   773  int ipic_set_priority(unsigned int virq, unsigned int priority)
   774  {
   775          struct ipic *ipic = ipic_from_irq(virq);
   776          unsigned int src = virq_to_hw(virq);
   777          u32 temp;
   778
   779          if (priority > 7)
   780                  return -EINVAL;
   781          if (src > 127)
                    ^^^^^^^^^
We cap this at 127

   782                  return -EINVAL;
   783          if (ipic_info[src].prio == 0)
                    ^^^^^^^^^^^^^^
But we only have 95 elements.  Should the array be larger or should
we say >= ARRAY_SIZE(ipic_info) is invalid?

   784                  return -EINVAL;
   785

regards,
dan carpenter
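
Added example (not part of the original message and not kernel code): a constructed table shaped like the one in the report, showing how many indices a `src > 127` check admits past the end of a 95-element array, next to a lookup bounded by ARRAY_SIZE. The struct, table values and function names are made up for illustration.

```c
#include <errno.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed stand-in for struct ipic_info; the values are made up. */
struct info { unsigned char prio; unsigned char bit; };

/* Designated initializers size the array by the highest index: [94] gives
 * 95 elements, and slots never named (such as [0]) are zero-filled. */
static const struct info table[] = {
    [1]  = { .prio = 0x10, .bit = 16 },
    [9]  = { .prio = 0x14, .bit = 24 },
    [94] = { .prio = 0,    .bit = 30 },
};

/* The check from the report: a hard-coded limit unrelated to the table's
 * real size. Returns 1 when src would be allowed to index table[]. */
int legacy_check_admits(unsigned int src)
{
    return !(src > 127);
}

/* Bounded lookup: the limit is derived from the array itself, so it stays
 * correct when entries are added or removed. */
int set_priority_checked(unsigned int src, unsigned int priority)
{
    if (priority > 7)
        return -EINVAL;
    if (src >= ARRAY_SIZE(table))
        return -EINVAL;
    if (table[src].prio == 0)   /* zero-filled gap or entry with prio 0 */
        return -EINVAL;
    return 0;
}

/* Count indices the legacy check lets through that lie past the table. */
unsigned int count_unsafe_indices(void)
{
    unsigned int src, n = 0;
    for (src = 0; src < 256; src++)
        if (legacy_check_admits(src) && src >= ARRAY_SIZE(table))
            n++;
    return n;
}

int main(void)
{
    printf("elements=%zu unsafe=%u\n", ARRAY_SIZE(table), count_unsafe_indices());
    return 0;
}
```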