[bug report] Linux-2.6.12-rc2
Michael Ellerman
mpe at ellerman.id.au
Fri Jul 15 13:24:11 AEST 2016
Dan Carpenter <dan.carpenter at oracle.com> writes:
> Hi PPC Devs,
>
> The patch 1da177e4c3f4: "Linux-2.6.12-rc2" from Apr 16, 2005, leads

Might want to special case that one :)

> to the following static checker warning:
>
> arch/powerpc/sysdev/ipic.c:783 ipic_set_priority()
> error: buffer overflow 'ipic_info' 95 <= 127
...
>
> 773  int ipic_set_priority(unsigned int virq, unsigned int priority)
> 774  {
> 775          struct ipic *ipic = ipic_from_irq(virq);
> 776          unsigned int src = virq_to_hw(virq);
> 777          u32 temp;
> 778
> 779          if (priority > 7)
> 780                  return -EINVAL;
> 781          if (src > 127)
>                  ^^^^^^^^^
> We cap this at 127
>
> 782                  return -EINVAL;
> 783          if (ipic_info[src].prio == 0)
>                  ^^^^^^^^^^^^^^
> But we only have 95 elements. Should the array be larger or should
> we >= ARRAY_SIZE(ipic_info) is invalid?

I don't know the code personally, but looking at the history it seems new
interrupts are added manually with specific flags.

So testing against ARRAY_SIZE would be the best fix AFAICS.

cheers
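
The mismatch discussed in this thread, as an added userspace example that is not code from the kernel or from either poster: it compares the hard-coded `src > 127` check with an `ARRAY_SIZE` check and counts the indices the former lets through. The names `demo_info`, `check_hardcoded`, `check_array_size`, `count_unchecked_indices` and `demo_get_prio` are hypothetical, and the table contents are constructed; only the element count 95, the limit 127 and the `prio` field come from the report.

```c
#include <errno.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed stand-in for ipic_info[]: 95 elements, as in the warning. */
struct demo_info { unsigned int prio; };
static struct demo_info demo_info[95] = {
	[9]  = { .prio = 0x10 },	/* constructed sample values */
	[94] = { .prio = 0x14 },
};

/* The check as quoted: a hard-coded limit unrelated to the array size. */
int check_hardcoded(unsigned int src)
{
	return src > 127 ? -EINVAL : 0;
}

/* The check suggested in the reply: derive the limit from the array. */
int check_array_size(unsigned int src)
{
	return src >= ARRAY_SIZE(demo_info) ? -EINVAL : 0;
}

/* Count indices the hard-coded check accepts but that lie past the array. */
unsigned int count_unchecked_indices(void)
{
	unsigned int src, n = 0;

	for (src = 0; src < 256; src++)
		if (check_hardcoded(src) == 0 && src >= ARRAY_SIZE(demo_info))
			n++;
	return n;
}

/* Bounds-checked lookup: index only after the ARRAY_SIZE test passes. */
int demo_get_prio(unsigned int src, unsigned int *prio)
{
	if (check_array_size(src))
		return -EINVAL;
	*prio = demo_info[src].prio;
	return 0;
}

int main(void)
{
	printf("accepted but out of bounds: %u\n", count_unchecked_indices());
	return 0;
}
```

Because the limit is computed from the array, adding an entry to the table moves the bound with it and the two cannot drift apart again.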