RE: [PATCH] cciss: Off-by-one error causing oops in CCISS_GETLUNIFOioctl

[Miller, Mike (OS Dev)]

> This patch fixes an an "off-by-one" error found in the CCISS_GETLUNIFO
> ioctl in the cciss driver.  It is cycling through the part 
> table of the
> gendisk structure which is a zero-based array, not a one-based array.
> This often causes an oops when referencing the out-of-bounds 
> element.  
> 
> Signed-off by: Andrew Patterson <andrew.patterson@xxxxxx>
> ---
Thanks, Andrew, but I was informed in no uncertain terms that my driver has "no damn business" reading the part table struct. This ioctl will be removed in the next version of the driver. Applications that use this should be changed to use readdir.

Thanks,
mikem

> 
> --- linux-2.6.9/drivers/block/cciss.c.orig	2004-11-24 
> 10:22:30.000000000 -0700
> +++ linux-2.6.9/drivers/block/cciss.c	2004-11-24 
> 10:27:38.000000000 -0700
> @@ -799,7 +799,7 @@
>   		luninfo.num_opens = drv->usage_count;
>   		luninfo.num_parts = 0;
>   		/* count partitions 1 to 15 with sizes > 0 */
> - 		for(i=1; i <MAX_PART; i++) {
> + 		for(i=0; i <MAX_PART-1; i++) {
>  			if (!disk->part[i])
>  				continue;
>  			if (disk->part[i]->nr_sects != 0)
> 
> 
> 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/