[PATCH] Overflow protection in do_io_probe()

Pavel Roskin proski at gnu.org
Wed Jun 23 19:19:26 EDT 2004


Hello!

If I use something like "include port 0xf000-0xffff" in 
/etc/pcmcia/config.opts, the kernel hangs while printing the excluded 
ports on the console.  It happens because "i" has type ioaddr_t and 
overflows to 0 after it reaches 0xfff8.

The patch looks pretty ugly for my taste, but I cannot think of anything 
else that would be as simple and reliable.

Note that "include port 0x0000-0xffff" still fails (but not hangs) for a 
different reason.  Maybe I'll debug it later.

-- 
Regards,
Pavel Roskin
-------------- next part --------------
--- linux.orig/drivers/pcmcia/rsrc_mgr.c
+++ linux/drivers/pcmcia/rsrc_mgr.c
@@ -251,6 +251,7 @@ static void do_io_probe(ioaddr_t base, i
 	if ((j == 8) && (++b[hole] > b[most]))
 	    most = hole;
 	if (b[most] == 127) break;
+	if ((ioaddr_t)(i + 8) < i) break;	/* overflow protection */
     }
     kfree(b);
 
@@ -274,6 +275,7 @@ static void do_io_probe(ioaddr_t base, i
 		bad = 0;
 	    }
 	}
+	if ((ioaddr_t)(i + 8) < i) break;	/* overflow protection */
     }
     if (bad) {
 	if ((num > 16) && (bad == base) && (i == base+num)) {


More information about the linux-pcmcia mailing list