On Wed, May 21, 2014 at 09:55:33AM -0500, scame...@beardog.cce.hp.com wrote:
> > Old smatch warnings:
> > drivers/scsi/hpsa.c:1042 hpsa_scsi_remove_entry() error: buffer overflow
> > 'h->dev' 2081 <= 2081
>
> ^^^ Regarding this particular error, I think this may be a false
> positive, or at least I cannot see where the problem lies this morning.
>
> The code in question:
>
> /* Remove an entry from h->dev[] array. */
> static void hpsa_scsi_remove_entry(struct ctlr_info *h, int hostno, int entry,
> struct hpsa_scsi_dev_t *removed[], int *nremoved)
> {
> /* assumes h->devlock is held */
> int i;
> struct hpsa_scsi_dev_t *sd;
>
> BUG_ON(entry < 0 || entry >= HPSA_MAX_DEVICES);
Let's assume entry == HPSA_MAX_DEVICES - 1.
>
> sd = h->dev[entry];
> removed[*nremoved] = h->dev[entry];
> (*nremoved)++;
>
> for (i = entry; i < h->ndevices-1; i++)
> h->dev[i] = h->dev[i+1]; <----- this is the line it is
> complaining about.
^^^
It is complaining about this. Smatch isn't sure what the maximum value
of h->ndevices is but hopefully by this time next year it will be able
to understand hpsa_scsi_add_entry() and set it correctly.
regards,
dan carpenter
_______________________________________________
kbuild mailing list
kbuild@lists.01.org
https://lists.01.org/mailman/listinfo/kbuild
