Commit 117fcc30 authored by Dan Carpenter's avatar Dan Carpenter Committed by David S. Miller

cmd64x: potential buffer overflow in cmd64x_program_timings()

The "drive->dn" value is a u8 and it is controlled by root only, but
it could be out of bounds here so let's check.
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0fdeae50
...@@ -66,6 +66,9 @@ static void cmd64x_program_timings(ide_drive_t *drive, u8 mode) ...@@ -66,6 +66,9 @@ static void cmd64x_program_timings(ide_drive_t *drive, u8 mode)
struct ide_timing t; struct ide_timing t;
u8 arttim = 0; u8 arttim = 0;
if (drive->dn >= ARRAY_SIZE(drwtim_regs))
return;
ide_timing_compute(drive, mode, &t, T, 0); ide_timing_compute(drive, mode, &t, T, 0);
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment