On Wed, 2015-11-04 at 16:26 +0300, Dan Carpenter wrote:
> Smatch complains about a possible out of bounds error:
>
> drivers/vfio/pci/vfio_pci_config.c:1241 vfio_cap_init()
> error: buffer overflow 'pci_cap_length' 20 <= 20
>
> Fix this by making the array larger.
>
> Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
>
> diff --git a/drivers/vfio/pci/vfio_pci_config.c
> b/drivers/vfio/pci/vfio_pci_config.c
[]
> @@ -46,7 +46,7 @@
> * 0: Removed from the user visible capability list
> * FF: Variable length
> */
> -static u8 pci_cap_length[] = {
> +static u8 pci_cap_length[PCI_CAP_ID_MAX + 1] = {
> [PCI_CAP_ID_BASIC] = PCI_STD_HEADER_SIZEOF, /* pci config header */
> [PCI_CAP_ID_PM] = PCI_PM_SIZEOF,
> [PCI_CAP_ID_AGP] = PCI_AGP_SIZEOF,
Doesn't the same thing happen with pci_ext_cap_length?
Both array declarations might be better as const.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
