Hi, > On 26 August 2011 22:33, Larry Finger <[email protected]> wrote: > Smatch outputs the following message: > > drivers/staging/rtl8192e/r8192E_cmdpkt.c +412 cmpk_message_handle_rx(70) > error: buffer overflow 'priv->stats.rxcmdpkt' 4 <= 7 > > 407 RT_TRACE(COMP_CMDPKT, > "---->cmpk_message_handle_rx():" > 408 "unknow CMD Element\n"); > 409 return 1; > 410 } > 411 > 412 priv->stats.rxcmdpkt[element_id]++; > ^^^^^^^^^^ > ->stats.rxcmdpkt[] only has 4 elements, but from the switch statement > in the section before we can see that element_id can go up to 7 > (RX_TX_RATE_HISTORY). > > Reported-by: Dan Carpenter <[email protected]> > Signed-off-by: Larry Finger <[email protected]> > --- > drivers/staging/rtl8192e/rtl_core.h | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/staging/rtl8192e/rtl_core.h > b/drivers/staging/rtl8192e/rtl_core.h > index 5b78530..78ae738 100644 > --- a/drivers/staging/rtl8192e/rtl_core.h > +++ b/drivers/staging/rtl8192e/rtl_core.h > @@ -388,7 +388,7 @@ struct rt_stats { > unsigned long rxrdu; > unsigned long rxok; > unsigned long rxframgment; > - unsigned long rxcmdpkt[4]; > + unsigned long rxcmdpkt[7];
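Review bot: In the `struct rt_stats` hunk, `rxcmdpkt[7]` is still one element short. The commit message says element_id can go up to 7 (RX_TX_RATE_HISTORY) and the Smatch report gives 7 as the index, but a 7-element array only has valid indexes 0 through 6, so `priv->stats.rxcmdpkt[element_id]++` at line 412 of r8192E_cmdpkt.c would still write one slot past the end. Size it as `unsigned long rxcmdpkt[8];`, or derive the size from the highest element ID handled by the switch in cmpk_message_handle_rx() so the array and the switch cannot drift apart again. The changelog should also state the intended bound, since it currently explains why 4 is too small but not why 7 is enough.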
Doesn't it need to be sized 8 if 7 is the highest element_id?

Regards,
Jonas
