cyclades: fix read buffer overflow · 196b3167ef - Gogs

cyclades: fix read buffer overflow

irq is declared with size NR_CARDS (4), but the loop containing this
segment runs up until NR_ISA_ADDRS (16), possibly reading from irq[i] (and
trying to use the result)

Identified by the Parfait static scanner.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Acked-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Roel Kluin 15 jaren geleden

bovenliggende

75e3a6aed9

commit

196b3167ef

1 gewijzigde bestanden met toevoegingen van 1 en 1 verwijderingen

Zij-aan-zij weergave Toon Diff Stats

						
							+ 1
							
							- 1
						
drivers/char/cyclades.c
							 
								Bestand weergeven
							
				@@ -3354,7 +3354,7 @@ static int __init cy_detect_isa(void)
			
				 			continue;
			
				 		}
			
				 #ifdef MODULE
			
				-		if (isparam && irq[i])
			
				+		if (isparam && i < NR_CARDS && irq[i])
			
				 			cy_isa_irq = irq[i];
			
				 		else
			
				 #endif