Hey Wolfram,
On Sun, Aug 02, 2009 at 09:44:56AM +0200, Wolfram Sang wrote:
> this bug report[1] fixes two places which might exceed the fn[]-array. Looking
> at the git-repos, just one of the two made it upstream.
thanks for noting this. What about the attached patch, which I intend to
merge into pcmciautils at the next opportunity.
Best,
Dominik
pccardctl: add array out-of-bounds exception (2)
Fix another instance where an array out-of-bounds exception relating to
func_id was triggered. Spotted at[1], still pending bugfix noted by
Wolfram Sang.
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406251
Signed-off-by: Dominik Brodowski <[email protected]>
diff --git a/src/pccardctl.c b/src/pccardctl.c
index d3d3317..d5cbfef 100644
--- a/src/pccardctl.c
+++ b/src/pccardctl.c
@@ -589,8 +589,12 @@ static int lspcmcia(unsigned long socket_no, int verbose)
if (!pccardctl_get_one(socket_no, "manf_id", &manf_id))
if (!pccardctl_get_one(socket_no, "card_id",
&card_id))
printf("manf_id: 0x%04x\tcard_id:
0x%04x\n\t\t\t", manf_id, card_id);
- if (!pccardctl_get_one(socket_no, "func_id", &manf_id))
- printf("function: %d (%s)\n\t\t\t", manf_id,
fn[manf_id]);
+ if (!pccardctl_get_one(socket_no, "func_id", &manf_id))
{
+ const char *s = "unknown";
+ if (manf_id < sizeof(fn)/sizeof(*fn))
+ s = fn[manf_id];
+ printf("function: %d (%s)\n\t\t\t", manf_id, s);
+ }
for (j=1;j<=4;j++) {
snprintf(file, SYSFS_PATH_MAX, "prod_id%d", j);
pccardctl_get_string(socket_no, file, &res);
_______________________________________________
Linux PCMCIA reimplementation list
http://lists.infradead.org/mailman/listinfo/linux-pcmcia
