Date:      Tue, 1 Sep 2020 08:46:02 +0300
From:      Andriy Gapon <avg@FreeBSD.org>
To:        Eric van Gyzen <vangyzen@freebsd.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r364989 - head/sys/dev/jedec_dimm
Message-ID:  <5709d5bb-6f52-711b-cc4b-bed175cdb7d8@FreeBSD.org>
In-Reply-To: <202008311503.07VF3OrC097327@repo.freebsd.org>
References:  <202008311503.07VF3OrC097327@repo.freebsd.org>

On 31/08/2020 18:03, Eric van Gyzen wrote:
> Author: vangyzen
> Date: Mon Aug 31 15:03:23 2020
> New Revision: 364989
> URL: https://svnweb.freebsd.org/changeset/base/364989
> 
> Log:
>   jedec_dimm: fix array overrun
>   
>   Coverity detected the overrunning of sc->part_str.
>   
>   Submitted by:	bret_ketchum@dell.com
>   Reported by:	Coverity
>   MFC after:	2 weeks
>   Sponsored by:	Dell EMC Isilon
>   Differential Revision:	https://reviews.freebsd.org/D26145
> 
> Modified:
>   head/sys/dev/jedec_dimm/jedec_dimm.c
> 
> Modified: head/sys/dev/jedec_dimm/jedec_dimm.c
> ==============================================================================
> --- head/sys/dev/jedec_dimm/jedec_dimm.c	Mon Aug 31 14:47:23 2020	(r364988)
> +++ head/sys/dev/jedec_dimm/jedec_dimm.c	Mon Aug 31 15:03:23 2020	(r364989)
> @@ -795,7 +795,7 @@ jedec_dimm_field_to_str(struct jedec_dimm_softc *sc, c
>  
>  	/* If we're dealing with ASCII, convert trailing spaces to NULs. */
>  	if (ascii) {
> -		for (i = dstsz; i > 0; i--) {
> +		for (i = dstsz - 1; i > 0; i--) {

If 'i' is an index into the array, then shouldn't the condition be greater-equal?


>  			if (dst[i] == ' ') {
>  				dst[i] = 0;
>  			} else if (dst[i] == 0) {
> 
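Review bot: The loop condition `i > 0` on the changed line still stops before index 0, so `dst[0]` is never tested. Starting at `dstsz - 1` fixes the top of the range, but a field consisting only of spaces would keep a ' ' in `dst[0]`. If that is not intended, the lower bound has to include 0, and how to write it depends on the type of `i`, which these lines do not show: `i >= 0` only terminates for a signed `i`, while for an unsigned one a form such as `for (i = dstsz; i-- > 0; )` walks from `dstsz - 1` down to 0 without wrapping. The new start value also deserves a check for `dstsz == 0`: with an unsigned `i`, `dstsz - 1` wraps to a very large index that passes `i > 0`.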


-- 
Andriy Gapon


