Re: drivers/net/at1700.c: at1700_probe1: array overflow
From: null
Date: Tue Mar 29 2005 - 19:50:24 EST
On Fri, 25 Mar 2005, Adrian Bunk wrote:
> Date: Fri, 25 Mar 2005 21:38:20 +0100
> From: Adrian Bunk <bunk@xxxxxxxxx>
> To: Roland Dreier <roland@xxxxxxxxxxx>
> Cc: jgarzik@xxxxxxxxx, linux-net@xxxxxxxxxxxxxxx,
> linux-kernel@xxxxxxxxxxxxxxx
> Subject: Re: drivers/net/at1700.c: at1700_probe1: array overflow
>
> On Fri, Mar 25, 2005 at 10:42:11AM -0800, Roland Dreier wrote:
> > Adrian> This can result in indexing in an array with 8 entries the
> > Adrian> 10th entry.
> >
> > Well, not really, since the first 8 entries of the array have every
> > 3-bit pattern. So pos3 & 0x07 will always match one of them.
> >
> > I agree it would be cleaner to make the loop only go up to 7 though.
>
> You either have this (impossible) overflow, or the case l_i == 7 isn't
> tested explicitely.
>
> I'd say simply leave it as it is now.
>
> But if noone disagrees, I'm inclined to add a comment.
>
> > - R.
>
> cu
> Adrian
>
But on the other hand why loop if you don't have to?
static int at1700_ioaddr_pattern[] __initdata = {
- 0x00, 0x04, 0x01, 0x05, 0x02, 0x06, 0x03, 0x07
+ 0x00, 0x02, 0x04, 0x06, 0x01, 0x03, 0x05, 0x07
};
...
static int __init at1700_probe1(struct net_device *dev, int ioaddr)
{
...
- for (l_i = 0; l_i < 0x09; l_i++)
- if (( pos3 & 0x07) == at1700_ioaddr_pattern[l_i])
- break;
- ioaddr = at1700_mca_probe_list[l_i];
+ ioaddr = at1700_mca_probe_list[at1700_ioaddr_pattern[pos3&7]];
...
}
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html