Re: [PATCH 06/12] block/swim: Fix array bounds check

2018-04-09 Thread Finn Thain
On Mon, 9 Apr 2018, Geert Uytterhoeven wrote:

> Looks like amiflop.c:find_floppy() needs a check, too?
>

AFAICS there is no array index bug in floppy_find() in amiflop.c. The 'unit' array's size is FD_MAX_UNITS which is defined as 4 in include/linux/amifd.h, and the array index is drive =

Re: [PATCH 06/12] block/swim: Fix array bounds check

2018-04-09 Thread Geert Uytterhoeven
Hi Finn,

On Sun, Apr 1, 2018 at 3:41 AM, Finn Thain wrote:
> In the floppy_find() function in swim.c is a call to
> get_disk(swd->unit[drive].disk). The actual parameter to this call
> can be a NULL pointer when drive == swd->floppy_count. This causes
> an oops in