From 20d403e801272b84e033b8f17d3e45c4f66507c7 Mon Sep 17 00:00:00 2001 From: Peter Huewe Date: Tue, 19 Feb 2013 05:18:51 +0100 Subject: [PATCH] staging/slicoss: Fix buffer possible overflow in slic_card_locate smatch complains about a possible buffer overflow slicoss.c:3651 slic_card_locate() error: buffer overflow 'physcard->adapter' 4 <= 4 If the for loop is not exited prematurely i++ is executed after the last iteration and thus i can be 4, which is out of bounds for physcard->adapter. -> Add check for this condition and simplify the if statement by inverting the condition. Signed-off-by: Peter Huewe Signed-off-by: Greg Kroah-Hartman --- drivers/staging/slicoss/slicoss.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/staging/slicoss/slicoss.c b/drivers/staging/slicoss/slicoss.c index fc085856c027..48056bf910b3 100644 --- a/drivers/staging/slicoss/slicoss.c +++ b/drivers/staging/slicoss/slicoss.c @@ -3643,11 +3643,12 @@ static u32 slic_card_locate(struct adapter *adapter) while (physcard) { for (i = 0; i < SLIC_MAX_PORTS; i++) { - if (!physcard->adapter[i]) - continue; - else + if (physcard->adapter[i]) break; } + if (i == SLIC_MAX_PORTS) + break; + if (physcard->adapter[i]->slotnumber == adapter->slotnumber) break; physcard = physcard->next;