[PATCH] powerpc/ipic: Fix a bounds check in ipic_set_priority()

Michael Ellerman mpe at ellerman.id.au
Wed Dec 5 14:26:47 AEDT 2018


Hi Dan,

Thanks for the patch.

Dan Carpenter <dan.carpenter at oracle.com> writes:
> The ipic_info[] array only has 95 elements so I have made the bounds
> check smaller to prevent a read overflow.  It was Smatch that found
> this issue:
>
>     arch/powerpc/sysdev/ipic.c:784 ipic_set_priority()
>     error: buffer overflow 'ipic_info' 95 <= 127
>
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
> ---
> I wasn't able to find any callers of this code.  Maybe we removed the
> last one in commit b9f0f1bb2bca ("[POWERPC] Adapt ipic driver to new
> host_ops interface, add set_irq_type to set IRQ sense").  So perhaps we
> should just remove it.  I'm not really comfortable doing that myself,
> because I don't know the code well enough and can't build test
> it properly.

Hah wow, last usage removed in 2006!

I don't see any mention of it since then, so I'll remove it. If it
breaks something we can put it back.

Can smatch help us find things like this that are defined non-static but
never used?

cheers


More information about the Linuxppc-dev mailing list