On Dec 13, 9:39pm, plu...@ogmig.net (Iain Hibbert) wrote: -- Subject: CVS commit: src/sys/dev/bluetooth
| | > Module Name: src | > Committed By: christos | > Date: Thu Apr 16 19:53:19 UTC 2015 | > | > Modified Files: | > src/sys/dev/bluetooth: btmagic.c | > | > Log Message: | > CID 1293640/1 memory corruption/overrun | > | > To generate a diff of this commit: | > cvs rdiff -u -r1.12 -r1.13 src/sys/dev/bluetooth/btmagic.c | | http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/bluetooth/btmagic.c.diff?r1=1.12&r2=1.13 | | actually, this seems a false positive since id is extracted from the | report as an unsigned 4-bit value and the array has 16 elements because of | that. | | interestingly, if this were an issue, there is another place where this | would be the same, in btmagic_input_magicm() but Coverity did not pick | that up Yes, but it does not hurt to sdd the tests anyway... christos
