2007-05-21 22:58:17

by Eric Sesterhenn

Subject: [Patch] Off by one in floppy.c

hi,

another coverity patch i forgot to resend,
original thread here
http://marc.info/?l=linux-kernel&m=115144559823592&w=2

In case drive == N_DRIVE, we get one past the drive_params array.

Signed-off-by: Eric Sesterhenn <[email protected]>


--- linux-2.6/drivers/block/floppy.c.orig 2007-05-22 00:54:03.000000000 +0200
+++ linux-2.6/drivers/block/floppy.c 2007-05-22 00:54:18.000000000 +0200
@@ -670,7 +670,7 @@ static void __reschedule_timeout(int dri
if (drive == current_reqD)
drive = current_drive;
del_timer(&fd_timeout);
- if (drive < 0 || drive > N_DRIVE) {
+ if (drive < 0 || drive >= N_DRIVE) {
fd_timeout.expires = jiffies + 20UL * HZ;
drive = 0;
} else

2007-05-22 01:07:42

by Pete Zaitcev

Subject: Re: [Patch] Off by one in floppy.c

On Tue, 22 May 2007 00:57:56 +0200, Eric Sesterhenn / Snakebyte <[email protected]> wrote:

> http://marc.info/?l=linux-kernel&m=115144559823592&w=2

Shows how much we care about floppy... It's going to be a year old soon.

> +++ linux-2.6/drivers/block/floppy.c 2007-05-22 00:54:18.000000000 +0200
> @@ -670,7 +670,7 @@ static void __reschedule_timeout(int dri
> if (drive == current_reqD)
> drive = current_drive;
> del_timer(&fd_timeout);
> - if (drive < 0 || drive > N_DRIVE) {
> + if (drive < 0 || drive >= N_DRIVE) {

You need to find someone willing to take this. Maybe Andrew.

-- Pete