Re: [Patch] Off by one in drivers/usb/input/yealink.c

* Dmitry Torokhov ([email protected]) wrote:
> On 7/5/06, Henk Vergonet <[email protected]> wrote:
> >On Tue, Jun 27, 2006 at 03:51:43PM -0700, Randy.Dunlap wrote:
> >> On Wed, 28 Jun 2006 00:41:19 +0200 Eric Sesterhenn wrote:
> >> > another off by one spotted by coverity (id #485),
> >> > we loop exactly one time too often
> >> >
> >> > Signed-off-by: Eric Sesterhenn <[email protected]>
> >> >
> >> > --- linux-2.6.17-git11/drivers/usb/input/yealink.c.orig     2006-06-28 
> >00:29:46.000000000 +0200
> >> > +++ linux-2.6.17-git11/drivers/usb/input/yealink.c  2006-06-28 
> >00:30:04.000000000 +0200
> >> > @@ -350,7 +350,7 @@ static int yealink_do_idle_tasks(struct
> >> >             val = yld->master.b[ix];
> >> >             if (val != yld->copy.b[ix])
> >> >                     goto send_update;
> >> > -   } while (++ix < sizeof(yld->master));
> >> > +   } while (++ix < sizeof(yld->master)-1);
> >
> >Apart from introducing a new bug in the code, the construct is ugly.
> >
> >I would rather see then the more readable:
> >
> >       ix++;
> >   } while (ix < sizeof(yld->master));
> >
> 
> The new code is exactly the same as the old one; however I do not see
> the problem with the old code. Could it be that Coverity got confused
> by prefix vs. postfix increment?

I looked at this code several times too, and tried to reproduce the bug
with the following little program:

#include <string.h>
int main(int argc, char **argv) {
	char foo[] = "abcdef";
	int i = 0;

	foo[strlen(foo)] = 'X';
	do {
		putchar(foo[i]);
	} while (++i < sizeof(foo));
}

Which clearly shows that the terminating '\0' gets printed too,
replaced by the X for better visibility, so the code
runs past the array, or did I fail to replicate the original
code somewhere?

Eric

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [Patch] Off by one in drivers/usb/input/yealink.c
    • From: Dmitry Torokhov <[email protected]>

• References:
  • Re: [Patch] Off by one in drivers/usb/input/yealink.c
    • From: Henk Vergonet <[email protected]>

• Prev by Date: Re: [patch 3/7] Check root chipset no_msi flag instead of all parent busses flags
• Next by Date: Re: 2.6.17-mm2 hrtimer code wedges at boot?
• Previous by thread: Re: [Patch] Off by one in drivers/usb/input/yealink.c
• Next by thread: Re: [Patch] Off by one in drivers/usb/input/yealink.c
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]