2010-04-16 11:46:42

by Phil Carmody

Subject: [PATCH] hvsi: Messed up error checking getting state name

From: Phil Carmody <[email protected]>

Handle out-of-range indices before reading what they refer
to. And don't access the one-past-the-end element of the
array either.

Signed-off-by: Phil Carmody <[email protected]>
---
drivers/char/hvsi.c | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/char/hvsi.c b/drivers/char/hvsi.c
index 793b236..d4b14ff 100644
--- a/drivers/char/hvsi.c
+++ b/drivers/char/hvsi.c
@@ -194,10 +194,8 @@ static inline void print_state(struct hvsi_struct *hp)
"HVSI_WAIT_FOR_MCTRL_RESPONSE",
"HVSI_FSP_DIED",
};
- const char *name = state_names[hp->state];
-
- if (hp->state > ARRAY_SIZE(state_names))
- name = "UNKNOWN";
+ const char *name = (hp->state < ARRAY_SIZE(state_names))
+ ? state_names[hp->state] : "UNKNOWN";

pr_debug("hvsi%i: state = %s\n", hp->index, name);
#endif /* DEBUG */
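Review bot: the new initializer of name depends on how hp->state is typed, which this hunk does not show. If it is a signed int or enum, the comparison "hp->state < ARRAY_SIZE(state_names)" converts it to the unsigned type of ARRAY_SIZE(), so a negative state fails the test and yields "UNKNOWN" rather than indexing before the array. That is the wanted behaviour, but it is implicit. Please confirm the type, and consider a short comment or an explicit unsigned state field so a later rewrite of the test does not lose the lower bound.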
--
1.6.0.4


2010-04-16 22:18:24

by Andrew Morton

Subject: Re: [PATCH] hvsi: Messed up error checking getting state name

On Fri, 16 Apr 2010 14:49:14 +0300
Phil Carmody <[email protected]> wrote:

> From: Phil Carmody <[email protected]>
>
> Handle out-of-range indices before reading what they refer
> to.

Well... That doesn't matter really - as long as we don't dereference it.

> And don't access the one-past-the-end element of the
> array either.
>

Yup, that's a bug.

> ---
> drivers/char/hvsi.c | 6 ++----
> 1 files changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/char/hvsi.c b/drivers/char/hvsi.c
> index 793b236..d4b14ff 100644
> --- a/drivers/char/hvsi.c
> +++ b/drivers/char/hvsi.c
> @@ -194,10 +194,8 @@ static inline void print_state(struct hvsi_struct *hp)
> "HVSI_WAIT_FOR_MCTRL_RESPONSE",
> "HVSI_FSP_DIED",
> };
> - const char *name = state_names[hp->state];
> -
> - if (hp->state > ARRAY_SIZE(state_names))
> - name = "UNKNOWN";
> + const char *name = (hp->state < ARRAY_SIZE(state_names))
> + ? state_names[hp->state] : "UNKNOWN";
>
> pr_debug("hvsi%i: state = %s\n", hp->index, name);
> #endif /* DEBUG */
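Review bot: the changelog could name the off-by-one exactly. The removed test was "if (hp->state > ARRAY_SIZE(state_names))", so a state equal to the array size passed the check and name kept the one-past-the-end element, which pr_debug() then printed with %s. Saying that ">" should have been ">=" makes the defect obvious in the log. The trailing "#endif /* DEBUG */" shows this code is only built with DEBUG defined, which is also worth a line in the description so that the impact is clear to anyone considering a backport.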
> --
> 1.6.0.4