> > [BUG] Possibly the caller's fault.
> > /u1/acc/linux/2.5.48/drivers/ide/ide-lib.c:380:ide_get_best_pio_mode: ERROR:BUFFER:380:380:Array bounds error: ide_pio_timings[6] indexed with [255] [Callstack: /u1/acc/linux/2.5.48/drivers/ide/legacy/qd65xx.c:272:ide_get_best_pio_mode(_, _, 255, _)]
> > pio_mode = max_mode;
> > cycle_time = 0;
> > }
> > if (d) {
> > d->pio_mode = pio_mode;
> >
> > Error --->
> > d->cycle_time = cycle_time ? cycle_time : ide_pio_timings[pio_mode].cycle_time;
> > d->use_iordy = use_iordy;
> > d->overridden = overridden;
> > d->blacklisted = blacklisted;
>
> I can't construct a scenario in which this can occur.
In ide/legacy/qd65xx.c:272 there's a call where max_mode is 255. Right
before the piece of code that the checker warns about is the segment:
if (pio_mode > max_mode) {
pio_mode = max_mode;
cycle_time = 0;
}
Now, it may be that pio_mode can never be >= 255 in this scenario. But if
it can be, then this sets pio_mode to 255.
> > [BUG] [GEM] The caller is probably at fault: look at the call chain.
> > /u1/acc/linux/2.5.48/drivers/video/fbgen.c:180:do_install_cmap: ERROR:BUFFER:180:180:Array bounds error: fb_display[63] indexed with [-1] [Callstack: /u1/acc/linux/2.5.48/drivers/video/aty128fb.c:1746:aty128fb_set_var(_, -1, _) -> /u1/acc/linux/2.5.48/drivers/video/aty128fb.c:1406:do_install_cmap(-1, _)]
> >
> > void do_install_cmap(int con, struct fb_info *info)
> > {
> > if (con != info->currcon)
> > return;
>
> currcon can never be -1. I don't think the compiler can ever deduce that
> detail though.
Then there's some odd code, such as in fbgen.c:gen_switch():
if (info->currcon >= 0) {
...
}
info->currcon = con;
-Andy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Jan 07 2003 - 22:00:20 EST