]> www.infradead.org Git - users/willy/pagecache.git/commitdiff
projects / users / willy / pagecache.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 65c8846)
[NIU]: Fix write past end of array in niu_pci_probe_sprom().
authorDavid S. Miller <davem@sunset.davemloft.net>
Mon, 15 Oct 2007 08:36:24 +0000 (01:36 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Mon, 15 Oct 2007 19:26:31 +0000 (12:26 -0700)
Noticed by Coverity checker and reported by Adrian Bunk.

Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/niu.c patch | blob | history

diff --git a/drivers/net/niu.c b/drivers/net/niu.c
index 43bfe7e6b6f5c0c167885460c2a55871066b10ea..54166bdeae96b69265521a4567e1ab6fd2001b91 100644 (file)
--- a/drivers/net/niu.c
+++ b/drivers/net/niu.c
@@ -6213,7 +6213,7 @@ static int __devinit niu_pci_probe_sprom(struct niu *np)
        val = nr64(ESPC_MOD_STR_LEN);
        niudbg(PROBE, "SPROM: MOD_STR_LEN[%llu]\n",
               (unsigned long long) val);
-       if (val > 8 * 4)
+       if (val >= 8 * 4)
                return -EINVAL;
 
        for (i = 0; i < val; i += 4) {
@@ -6229,7 +6229,7 @@ static int __devinit niu_pci_probe_sprom(struct niu *np)
        val = nr64(ESPC_BD_MOD_STR_LEN);
        niudbg(PROBE, "SPROM: BD_MOD_STR_LEN[%llu]\n",
               (unsigned long long) val);
-       if (val > 4 * 4)
+       if (val >= 4 * 4)
                return -EINVAL;
 
        for (i = 0; i < val; i += 4) {
Unnamed repository; edit this file 'description' to name the repository.