On Wed, May 21, 2014 at 09:55:33AM -0500, scame...@beardog.cce.hp.com wrote: > > Old smatch warnings: > > drivers/scsi/hpsa.c:1042 hpsa_scsi_remove_entry() error: buffer overflow > > 'h->dev' 2081 <= 2081 > > ^^^ Regarding this particular error, I think this may be a false > positive, or at least I cannot see where the problem lies this morning. > > The code in question: > > /* Remove an entry from h->dev[] array. */ > static void hpsa_scsi_remove_entry(struct ctlr_info *h, int hostno, int entry, > struct hpsa_scsi_dev_t *removed[], int *nremoved) > { > /* assumes h->devlock is held */ > int i; > struct hpsa_scsi_dev_t *sd; > > BUG_ON(entry < 0 || entry >= HPSA_MAX_DEVICES);
Let's assume entry == HPSA_MAX_DEVICES - 1. > > sd = h->dev[entry]; > removed[*nremoved] = h->dev[entry]; > (*nremoved)++; > > for (i = entry; i < h->ndevices-1; i++) > h->dev[i] = h->dev[i+1]; <----- this is the line it is > complaining about. ^^^ It is complaining about this. Smatch isn't sure what the maximum value of h->ndevices is but hopefully by this time next year it will be able to understand hpsa_scsi_add_entry() and set it correctly. regards, dan carpenter _______________________________________________ kbuild mailing list kbuild@lists.01.org https://lists.01.org/mailman/listinfo/kbuild