From 9784bd4f1a6ea736ad9bf241f5a965e0a2913a5e Mon Sep 17 00:00:00 2001 From: Heiko Carstens Date: Mon, 14 Oct 2013 14:26:08 +0200 Subject: [PATCH] s390/vmlogrdr: fix array access in vmlogrdr_open() Fix check within vmlogrdr_open() if the minor address is not larger than the number of array elements. Found with "smatch": drivers/s390/char/vmlogrdr.c:318 vmlogrdr_open() warn: buffer overflow 'sys_ser' 3 <= 3 Acked-by: Stefan Weinhuber Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky --- drivers/s390/char/vmlogrdr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/s390/char/vmlogrdr.c b/drivers/s390/char/vmlogrdr.c index 9b3a24e8d3a0..cf31d3321dab 100644 --- a/drivers/s390/char/vmlogrdr.c +++ b/drivers/s390/char/vmlogrdr.c @@ -313,7 +313,7 @@ static int vmlogrdr_open (struct inode *inode, struct file *filp) int ret; dev_num = iminor(inode); - if (dev_num > MAXMINOR) + if (dev_num >= MAXMINOR) return -ENODEV; logptr = &sys_ser[dev_num]; -- 2.20.1