Re: out-of-bounds array index
From: Jesse Barnes
Date: Thu Feb 07 2008 - 14:16:56 EST
On Thursday, February 07, 2008 10:56 am Jens Axboe wrote:
> Hi,
>
> Just saw this from gcc:
>
> drivers/char/drm/i915_drv.c: In function ?i915_suspend?:
> drivers/char/drm/i915_drv.c:173: warning: array subscript is above array
> bounds
> CC [M] drivers/char/drm/i915_dma.o
> drivers/char/drm/i915_drv.c: In function ?i915_resume?:
> drivers/char/drm/i915_drv.c:220: warning: array subscript is above array
> bounds
>
> It's this code:
>
> dev_priv->saveGR[0x18] =
> i915_read_indexed(VGA_GR_INDEX, VGA_GR_DATA, 0x18);
>
> which looks legit, since saveGR is
>
> u8 saveGR[24];
>
> It has been introduced by commit
> ba8bbcf6ff4650712f64c0ef61139c73898e2165, which seems to be you Jesse.
Just a silly off by one, don't know why I didn't catch it earlier. I'll push
the fix to the drm tree. Linus, you may want to take it in parallel.
Jesse
Make sure we have enough room for all the GR registers or we'll end up
clobbering the AR index register (which should actually be harmless unless
the BIOS is making an assumption about it).
Signed-off-by: Jesse Barnes <jesse.barnes@xxxxxxxxx>
diff --git a/drivers/char/drm/i915_drv.h b/drivers/char/drm/i915_drv.h
index 37bbf67..f8308bf 100644
--- a/drivers/char/drm/i915_drv.h
+++ b/drivers/char/drm/i915_drv.h
@@ -187,7 +187,7 @@ typedef struct drm_i915_private {
u32 saveSWF2[3];
u8 saveMSR;
u8 saveSR[8];
- u8 saveGR[24];
+ u8 saveGR[25];
u8 saveAR_INDEX;
u8 saveAR[20];
u8 saveDACMASK;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/