Bug in __get_mtd_device()
Jörn Engel
joern at wohnheim.fh-wedel.de
Fri Oct 12 09:40:29 EDT 2001
Hi!
Correct me, if I am wrong, but there seems to be a bug in
__get_mtd_device() in drivers/mtd/mtdcore.c.
The following line seems to be dangerous:
} else if (num < MAX_MTD_DEVICES) {
num has type int (signed) and is not checked against negative values.
You could either use this hack:
} else if ((unsigned)num < MAX_MTD_DEVICES) {
which might break if some platform doesn't use a two's complement for
negative numbers or do the long check:
} else if (num >= 0 && num < MAX_MTD_DEVICES) {
I would prefer the latter, correctness is more important than
performance.
Another fix that changes the semantics slightly would be to use this
line:
if (num < 0) {
instead of:
if (num == -1) {
Jörn
--
If you have the right attitude, interesting problems will find you.
More information about the linux-mtd
mailing list