Re: [PATCH 06/12] block/swim: Fix array bounds check

2018-04-09 Thread Finn Thain
On Mon, 9 Apr 2018, Geert Uytterhoeven wrote:

> Looks like amiflop.c:find_floppy() needs a check, too?
> 

AFAICS there is no array index bug in floppy_find() in amiflop.c. 
The 'unit' array's size is FD_MAX_UNITS which is defined as 4 in 
include/linux/amifd.h, and the array index is drive = *part & 3.

-- 
--
To unsubscribe from this list: send the line "unsubscribe linux-m68k" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [PATCH 06/12] block/swim: Fix array bounds check

2018-04-09 Thread Geert Uytterhoeven
Hi Finn,

On Sun, Apr 1, 2018 at 3:41 AM, Finn Thain wrote:
> In the floppy_find() function in swim.c is a call to
> get_disk(swd->unit[drive].disk). The actual parameter to this call
> can be a NULL pointer when drive == swd->floppy_count. This causes
> an oops in get_disk().
>
> Data read fault at 0x0198 in Super Data (pc=0x1be5b6)

[...]

> Fix the array index bounds check to avoid this.
>
> Fixes: 8852ecd97488 ("[PATCH] m68k: mac - Add SWIM floppy support")
> Cc: Laurent Vivier 
> Cc: Jens Axboe 
> Tested-by: Stan Johnson 
> Signed-off-by: Finn Thain 

Reviewed-by: Geert Uytterhoeven 

Looks like amiflop.c:find_floppy() needs a check, too?

Gr{oetje,eeting}s,

Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
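
Added example, not part of either message or of the kernel source: a small C model of the two index-safety approaches discussed in this thread, a count-based bounds check that must reject `drive == floppy_count`, and a `& 3` mask on a 4-entry array. `struct ctrl`, `MAX_UNITS` and the function names are hypothetical, and the off-by-one form of the unfixed check is an assumption, since the patch hunk is not shown here.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_UNITS 4   /* hypothetical table size, power of two like FD_MAX_UNITS = 4 */

struct unit { int *disk; };   /* stand-in for a per-drive record */
struct ctrl { struct unit unit[MAX_UNITS]; int floppy_count; };

/* Constructed sample: two drives populated, remaining slots left NULL. */
static int disks[2];
static struct ctrl demo = {
    .unit = { { &disks[0] }, { &disks[1] } },
    .floppy_count = 2,
};

/* Assumed shape of the unfixed check: only drive > floppy_count is rejected,
 * so drive == floppy_count reads a slot that was never populated. */
int lookup_off_by_one(const struct ctrl *c, int drive, int **out)
{
    if (drive < 0 || drive > c->floppy_count)
        return -1;
    *out = c->unit[drive].disk;   /* NULL when drive == floppy_count */
    return 0;
}

/* Corrected check: valid indices are 0 .. floppy_count - 1. */
int lookup_checked(const struct ctrl *c, int drive, int **out)
{
    if (drive < 0 || drive >= c->floppy_count)
        return -1;
    *out = c->unit[drive].disk;
    return 0;
}

/* Masking bounds the index for a power-of-two table: part & 3 is always 0..3.
 * Whether the selected slot holds a usable pointer is a separate check. */
int masked_index(int part)
{
    return part & (MAX_UNITS - 1);
}

int main(void)
{
    int *d = NULL;
    int rc = lookup_off_by_one(&demo, 2, &d);
    printf("off-by-one: rc=%d disk=%p\n", rc, (void *)d);
    printf("checked:    rc=%d\n", lookup_checked(&demo, 2, &d));
    printf("masked 7 -> %d\n", masked_index(7));
    return 0;
}
```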