pcmciautils: out-of-array-bug

Dominik Brodowski linux at dominikbrodowski.net
Sun Aug 2 08:09:45 EDT 2009


Hey Wolfram,

On Sun, Aug 02, 2009 at 09:44:56AM +0200, Wolfram Sang wrote:
> this bug report[1] fixes two places which might exceed the fn[]-array. Looking
> at the git-repos, just one of the two made it upstream.

thanks for noting this. What about the attached patch, which I intend to
merge into pcmciautils at the next opportunity?

Best,
	Dominik



    pccardctl: add array out-of-bounds exception (2)
    
    Fix another instance where an array out-of-bounds exception relating to
    func_id was triggered. Spotted at[1], still pending bugfix noted by
    Wolfram Sang.
    
    [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406251
    
    Signed-off-by: Dominik Brodowski <linux at dominikbrodowski.net>

diff --git a/src/pccardctl.c b/src/pccardctl.c
index d3d3317..d5cbfef 100644
--- a/src/pccardctl.c
+++ b/src/pccardctl.c
@@ -589,8 +589,12 @@ static int lspcmcia(unsigned long socket_no, int verbose)
 			if (!pccardctl_get_one(socket_no, "manf_id", &manf_id))
 				if (!pccardctl_get_one(socket_no, "card_id", &card_id))
 					printf("manf_id: 0x%04x\tcard_id: 0x%04x\n\t\t\t", manf_id, card_id);
-			if (!pccardctl_get_one(socket_no, "func_id", &manf_id))
-				printf("function: %d (%s)\n\t\t\t", manf_id, fn[manf_id]);
+			if (!pccardctl_get_one(socket_no, "func_id", &manf_id)) {
+				const char *s = "unknown";
+				if (manf_id < sizeof(fn)/sizeof(*fn))
+					s = fn[manf_id];
+				printf("function: %d (%s)\n\t\t\t", manf_id, s);
+			}
 			for (j=1;j<=4;j++) {
 				snprintf(file, SYSFS_PATH_MAX, "prod_id%d", j);
 				pccardctl_get_string(socket_no, file, &res);
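
Review bot: In the added `if (!pccardctl_get_one(socket_no, "func_id", &manf_id)) {` block, the function ID is still read into `manf_id`, so the new guard `manf_id < sizeof(fn)/sizeof(*fn)` reads as if it bounds a manufacturer ID rather than the index into `fn[]`. A dedicated `func_id` variable would make it obvious which value is being checked before the lookup. The declaration of `manf_id` is not visible in this hunk: if it is signed, the check rejects negative values only because the comparison against `sizeof` is carried out in an unsigned type, which deserves a short comment, and the `%d` in the following `printf` should match the variable's signedness (the context line above prints the same variable with `%04x`).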


