projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0f52e86) | patch
pcmcia: avoid buffer overflow in pcmcia_setup_isa_irq
authorDominik Brodowski <linux@dominikbrodowski.net>
Tue, 3 Aug 2010 07:33:45 +0000 (09:33 +0200)
committerDominik Brodowski <linux@dominikbrodowski.net>
Tue, 3 Aug 2010 14:43:13 +0000 (16:43 +0200)
commit127c03cdbad9bd5af5d7f33bd31a1015a90cb77f
treea948c5814a7d2e82801927bc3d5f06d3d7056ab0tree | snapshot (tar.gz zip)
parent0f52e86ded65749c6037473013ad77b2afa4f68dcommit | diff
pcmcia: avoid buffer overflow in pcmcia_setup_isa_irq

NR_IRQS may be as low as 16, causing a (harmless?) buffer overflow in
pcmcia_setup_isa_irq():

static u8 pcmcia_used_irq[NR_IRQS];

...

if ((try < 32) && pcmcia_used_irq[irq])
continue;

This is read-only, so if this address would be non-zero, it would just
mean we would not attempt an IRQ >= NR_IRQS -- which would fail anyway!
And as request_irq() fails for an irq >= NR_IRQS, the setting code path:

pcmcia_used_irq[irq]++;

is never reached as well.

Reported-by: Christoph Fritz <chf.fritz@googlemail.com>
CC: stable@kernel.org
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
drivers/pcmcia/pcmcia_resource.c diff | blob | blame | history