[PATCH 2/2] cpqfc: fix for possible memory out of bounds bugzilla#243
From: Saripalli, Venkata Ramanamurthy (STSD)
Date: Wed Aug 03 2005 - 23:44:10 EST
Patch 2 of 2
This patch fixes the Bugzilla Bug#243. This fix is to solve the possible
memory
out of bounds in BigEndianSwap routine of cpqfcTSworker.c
Please consider this for inclusion
Signed-off-by: Ramanamurthy Saripalli <saripalli@xxxxxx>
cpqfcTScontrol.c | 2 --
cpqfcTSworker.c | 3 +++
2 files changed, 3 insertions(+), 2 deletions(-)
------------------------------------------------------------------------
-------
diff -burpN old/drivers/scsi/cpqfcTScontrol.c
new/drivers/scsi/cpqfcTScontrol.c
--- old/drivers/scsi/cpqfcTScontrol.c 2005-07-12 22:52:29.000000000
+0530
+++ new/drivers/scsi/cpqfcTScontrol.c 2005-07-19 00:33:29.385458328
+0530
@@ -606,7 +606,6 @@ static int PeekIMQEntry( PTACHYON fcChip
if( (fcChip->IMQ->QEntry[CI].type & 0x1FF) == 0x104 )
{
TachFCHDR_GCMND* fchs;
-#error This is too much stack
ULONG ulFibreFrame[2048/4]; // max DWORDS in incoming FC
Frame
USHORT SFQpi = (USHORT)(fcChip->IMQ->QEntry[CI].word[0] &
0x0fffL);
@@ -718,7 +717,6 @@ int CpqTsProcessIMQEntry(void *host)
ULONG x_ID;
ULONG ulBuff, dwStatus;
TachFCHDR_GCMND* fchs;
-#error This is too much stack
ULONG ulFibreFrame[2048/4]; // max number of DWORDS in incoming
Fibre Frame
UCHAR ucInboundMessageType; // Inbound CM, dword 3 "type" field
diff -burpN old/drivers/scsi/cpqfcTSworker.c
new/drivers/scsi/cpqfcTSworker.c
--- old/drivers/scsi/cpqfcTSworker.c 2005-07-12 22:52:29.000000000
+0530
+++ new/drivers/scsi/cpqfcTSworker.c 2005-07-19 00:33:32.245023608
+0530
@@ -4024,6 +4024,9 @@ void BigEndianSwap( UCHAR *source, UCHAR
int i,j;
source+=3; // start at MSB of 1st ULONG
+
+ cnt -= (cnt % 4 );
+
for( j=0; j < cnt; j+=4, source+=4, dest+=4) // every ULONG
{
for( i=0; i<4; i++) // every UCHAR in ULONG
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/