Module Name: src Committed By: christos Date: Thu Apr 17 16:04:47 UTC 2014
Modified Files: src/sys/dev/ic: aic79xx.c Log Message: CID/1203192, CID/1203193: Out of bounds read To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.48 src/sys/dev/ic/aic79xx.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/dev/ic/aic79xx.c diff -u src/sys/dev/ic/aic79xx.c:1.47 src/sys/dev/ic/aic79xx.c:1.48 --- src/sys/dev/ic/aic79xx.c:1.47 Thu Mar 27 14:28:26 2014 +++ src/sys/dev/ic/aic79xx.c Thu Apr 17 12:04:47 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: aic79xx.c,v 1.47 2014/03/27 18:28:26 christos Exp $ */ +/* $NetBSD: aic79xx.c,v 1.48 2014/04/17 16:04:47 christos Exp $ */ /* * Core routines and tables shareable across OS platforms. @@ -49,7 +49,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: aic79xx.c,v 1.47 2014/03/27 18:28:26 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: aic79xx.c,v 1.48 2014/04/17 16:04:47 christos Exp $"); #include <dev/ic/aic79xx_osm.h> #include <dev/ic/aic79xx_inline.h> @@ -8605,13 +8605,11 @@ ahd_print_register(ahd_reg_parse_entry_t *cur_column = 0; } printed = snprintf(line, sizeof(line), "%s[0x%x]", name, value); - if (printed > sizeof(line)) printed = sizeof(line); if (table == NULL) { - printed += snprintf(&line[printed], (sizeof line) - printed, - " "); - if (printed > sizeof(line)) - printed = sizeof(line); + if (printed < sizeof(line)) + printed += snprintf(&line[printed], + (sizeof line) - printed, printf("%s", line); if (cur_column != NULL) *cur_column += printed; @@ -8627,12 +8625,11 @@ ahd_print_register(ahd_reg_parse_entry_t || ((printed_mask & table[entry].mask) == table[entry].mask)) continue; - if (printed > sizeof(line)) - printed = sizeof(line); - printed += snprintf(&line[printed], - (sizeof line) - printed, "%s%s", - printed_mask == 0 ? ":(" : "|", - table[entry].name); + if (printed < sizeof(line)) + printed += snprintf(&line[printed], + (sizeof line) - printed, "%s%s", + printed_mask == 0 ? ":(" : "|", + table[entry].name); printed_mask |= table[entry].mask; break; @@ -8640,14 +8637,14 @@ ahd_print_register(ahd_reg_parse_entry_t if (entry >= num_entries) break; } - if (printed > sizeof(line)) - printed = sizeof(line); - if (printed_mask != 0) - printed += snprintf(&line[printed], - (sizeof line) - printed, ") "); - else - printed += snprintf(&line[printed], - (sizeof line) - printed, " "); + if (printed < sizeof(line)) { + if (printed_mask != 0) + printed += snprintf(&line[printed], + (sizeof line) - printed, ") "); + else + printed += snprintf(&line[printed], + (sizeof line) - printed, " "); + } if (cur_column != NULL) *cur_column += printed; printf("%s", line);