On Thu, 16 Mar 2006 09:19:11 +0800, Eugene Teo said:

> dev is missing a negative bound check.
>
> Signed-off-by: Eugene Teo <[email protected]>
>
> --- linux-2.6/sound/oss/sequencer.c~ 2006-03-15 10:05:45.000000000 +0800 > +++ linux-2.6/sound/oss/sequencer.c 2006-03-16 09:06:59.000000000 +0800 > @@ -713,7 +713,7 @@ > int i, l = 0; > unsigned char *buf = &event_rec[2]; > > - if ((int) dev > max_synthdev) > + if (dev < 0 || dev >= max_synthdev) > return; > if (!(synth_open_mask & (1 << dev))) > return;

Erm?? Looking at a bit more context for the function:

static void seq_sysex_message(unsigned char *event_rec)
{
	int dev = event_rec[1];
	int i, l = 0;
	unsigned char *buf = &event_rec[2];

	if ((int) dev > max_synthdev)
		return;
	if (!(synth_open_mask & (1 << dev)))
		return;
	if (!synth_devs[dev])
		return;

that 'int dev' came out of an 'unsigned char *' - as such, I doubt you can get a negative value. If anything, it should be 'unsigned int dev'.
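Review bot: The description only mentions a negative bound check, but the changed condition also tightens the upper bound from `dev > max_synthdev` to `dev >= max_synthdev`, and nothing explains that. If max_synthdev is a count of devices, the `>=` is the part of this change with an effect, since dev is used right after in `1 << dev` and, per the fuller context quoted in the reply, as an index into synth_devs[]; please state that in the description. The `dev < 0` half needs justification as well: the reply's context shows dev is loaded from event_rec[1], an unsigned char, so that test cannot be true, and declaring dev unsigned would express the intent more directly than the added comparison.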
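The two checks from this thread, modelled in user space as an added example (not code from the kernel tree or from either poster). It assumes max_synthdev is a device count, set here to a made-up value of 4, and all helper names are hypothetical.

```c
#include <stdio.h>

#define MAX_SYNTHDEV 4	/* assumed: number of registered synth devices */

typedef int (*check_fn)(const unsigned char *event_rec);

/* Original test: if ((int) dev > max_synthdev) return; */
static int old_check_accepts(const unsigned char *event_rec)
{
	int dev = event_rec[1];	/* unsigned char converts to 0..255 */
	return !(dev > MAX_SYNTHDEV);
}

/* Patched test: if (dev < 0 || dev >= max_synthdev) return; */
static int new_check_accepts(const unsigned char *event_rec)
{
	int dev = event_rec[1];
	return !(dev < 0 || dev >= MAX_SYNTHDEV);
}

/* Smallest dev >= MAX_SYNTHDEV that a check lets through, or -1 if none. */
static int first_bad_dev_accepted(check_fn accepts)
{
	unsigned char rec[2] = { 0, 0 };	/* constructed event record */
	int v;

	for (v = MAX_SYNTHDEV; v <= 255; v++) {
		rec[1] = (unsigned char)v;
		if (accepts(rec))
			return v;
	}
	return -1;
}

/* How many of the 256 byte values give a negative int via unsigned char. */
static int count_negative_devs(void)
{
	int v, negatives = 0;

	for (v = 0; v <= 255; v++)
		if ((int)(unsigned char)v < 0)
			negatives++;
	return negatives;
}

int main(void)
{
	printf("old check lets through dev=%d\n", first_bad_dev_accepted(old_check_accepts));
	printf("new check lets through dev=%d\n", first_bad_dev_accepted(new_check_accepts));
	printf("negative dev values: %d\n", count_negative_devs());
	return 0;
}
```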