From: Peter Huewe Date: Tue, 19 Feb 2013 04:18:51 +0000 (+0100) Subject: staging/slicoss: Fix buffer possible overflow in slic_card_locate X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=20d403e801272b84e033b8f17d3e45c4f66507c7;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git staging/slicoss: Fix buffer possible overflow in slic_card_locate smatch complains about a possible buffer overflow slicoss.c:3651 slic_card_locate() error: buffer overflow 'physcard->adapter' 4 <= 4 If the for loop is not exited prematurely i++ is executed after the last iteration and thus i can be 4, which is out of bounds for physcard->adapter. -> Add check for this condition and simplify the if statement by inverting the condition. Signed-off-by: Peter Huewe Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/slicoss/slicoss.c b/drivers/staging/slicoss/slicoss.c index fc085856c027..48056bf910b3 100644 --- a/drivers/staging/slicoss/slicoss.c +++ b/drivers/staging/slicoss/slicoss.c @@ -3643,11 +3643,12 @@ static u32 slic_card_locate(struct adapter *adapter) while (physcard) { for (i = 0; i < SLIC_MAX_PORTS; i++) { - if (!physcard->adapter[i]) - continue; - else + if (physcard->adapter[i]) break; } + if (i == SLIC_MAX_PORTS) + break; + if (physcard->adapter[i]->slotnumber == adapter->slotnumber) break; physcard = physcard->next;