Smatch found a memory corruption bug in pio2_gpio_reset() but I'm not
sure what the correct fix is:
drivers/staging/vme/devices/vme_pio2_gpio.c +169 pio2_gpio_reset(24)
error: buffer overflow 'card->bank' 4 <= 7
161 /* Set input interrupt masks */
162 for (i = 0; i < 8; i++) {
163 retval = vme_master_write(card->window, &data, 1,
164 PIO2_REGS_INT_MASK[i]);
PIO2_REGS_INT_MASK[] has 8 elements.
165 if (retval < 0)
166 return retval;
167
168 for (j = 0; j < 8; j++)
169 card->bank[i].irq[j] = NONE;
^^^^^^^^^^^^^^^^^^^^
card->bank[] has 4 elements.
card->bank[i].irq[] has 8 elements.
We are inside an 8 by 8 loop so we're writing past the end of the array
here.
170 }
regards,
dan carpenter
_______________________________________________
devel mailing list
[email protected]
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
