Hello Matthew Dharm,
This is an old warning but it looks like it might be valid.
The patch 34008dbfe8c0: "[PATCH] USB Storage: add support for Maxtor
One-Touch button" from Jul 28, 2005, leads to the following Smatch
warning:
"drivers/usb/storage/onetouch.c:248 onetouch_connect_input()
error: usb_fill_int_urb() 'onetouch->data' too small (2 vs 9)"
[ This requires some database configuration to get this warning ].
drivers/usb/storage/onetouch.c
197 maxp = usb_maxpacket(udev, pipe, usb_pipeout(pipe));
^^^^
maxp depends on the end point.
198
199 onetouch = kzalloc(sizeof(struct usb_onetouch), GFP_KERNEL);
200 input_dev = input_allocate_device();
201 if (!onetouch || !input_dev)
202 goto fail1;
203
204 onetouch->data = usb_alloc_coherent(udev, ONETOUCH_PKT_LEN,
^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^
ONETOUCH_PKT_LEN is 0x02 so we are ->data is 2 bytes.
205 GFP_KERNEL,
&onetouch->data_dma);
206 if (!onetouch->data)
207 goto fail1;
208
[ snip ].
245 input_dev->open = usb_onetouch_open;
246 input_dev->close = usb_onetouch_close;
247
248 usb_fill_int_urb(onetouch->irq, udev, pipe, onetouch->data,
249 (maxp > 8 ? 8 : maxp),
^^^^^^^^^^^^^^^^^^^
If we use 8 as the transfer size and ->data is only 2 bytes then it
could corrupt memory. (Smatch incorrectly thinks this parameter can
be 9, but even 8 would be too high).
250 usb_onetouch_irq, onetouch,
endpoint->bInterval);
251 onetouch->irq->transfer_dma = onetouch->data_dma;
252 onetouch->irq->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
253
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
