Re: [PATCH 06/12] block/swim: Fix array bounds check

From: Geert Uytterhoeven
Date: Mon Apr 09 2018 - 09:09:05 EST

Next message: Stefan Hajnoczi: "[PATCH] vhost: fix vhost_vq_access_ok() log check"
Previous message: Laurent Pinchart: "Re: [RFC v2 2/2] base: dma-mapping: Postpone page_to_pfn() on mmap()"
Next in thread: Finn Thain: "Re: [PATCH 06/12] block/swim: Fix array bounds check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Finn,

On Sun, Apr 1, 2018 at 3:41 AM, Finn Thain <fthain@xxxxxxxxxxxxxxxxxxx> wrote:
> In the floppy_find() function in swim.c is a call to
> get_disk(swd->unit[drive].disk). The actual parameter to this call
> can be a NULL pointer when drive == swd->floppy_count. This causes
> an oops in get_disk().
>
> Data read fault at 0x00000198 in Super Data (pc=0x1be5b6)

[...]

> Fix the array index bounds check to avoid this.
>
> Fixes: 8852ecd97488 ("[PATCH] m68k: mac - Add SWIM floppy support")
> Cc: Laurent Vivier <lvivier@xxxxxxxxxx>
> Cc: Jens Axboe <axboe@xxxxxxxxx>
> Tested-by: Stan Johnson <userm57@xxxxxxxxx>
> Signed-off-by: Finn Thain <fthain@xxxxxxxxxxxxxxxxxxx>

Reviewed-by: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>

Looks like amiflop.c:find_floppy() needs a check, too?

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

Next message: Stefan Hajnoczi: "[PATCH] vhost: fix vhost_vq_access_ok() log check"
Previous message: Laurent Pinchart: "Re: [RFC v2 2/2] base: dma-mapping: Postpone page_to_pfn() on mmap()"
Next in thread: Finn Thain: "Re: [PATCH 06/12] block/swim: Fix array bounds check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]