Blackfin: fix read buffer overflow

Check whether index is within bounds before testing the element. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Blackfin: fix read buffer overflow
Check whether index is within bounds before testing the element. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
ac860751 · Roel Kluin · Mike Frysinger · 0e101ec1 · ac860751
Commit ac860751 authored Aug 02, 2009 by Roel Kluin Committed by Mike Frysinger Sep 16, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

arch/blackfin/kernel/bfin_dma_5xx.c arch/blackfin/kernel/bfin_dma_5xx.c +4 -4

No files found.
--- a/arch/blackfin/kernel/bfin_dma_5xx.c
+++ b/arch/blackfin/kernel/bfin_dma_5xx.c
@@ -147,8 +147,8 @@ EXPORT_SYMBOL(request_dma);

 int set_dma_callback(unsigned int channel, irq_handler_t callback, void *data)
 {
-	BUG_ON(!(dma_ch[channel].chan_status != DMA_CHANNEL_FREE
-	       && channel < MAX_DMA_CHANNELS));
+	BUG_ON(channel >= MAX_DMA_CHANNELS ||
+			dma_ch[channel].chan_status == DMA_CHANNEL_FREE);

 	if (callback != NULL) {
 		int ret;
@@ -182,8 +182,8 @@ static void clear_dma_buffer(unsigned int channel)
 void free_dma(unsigned int channel)
 {
 	pr_debug("freedma() : BEGIN \n");
-	BUG_ON(!(dma_ch[channel].chan_status != DMA_CHANNEL_FREE
-	       && channel < MAX_DMA_CHANNELS));
+	BUG_ON(channel >= MAX_DMA_CHANNELS ||
+			dma_ch[channel].chan_status == DMA_CHANNEL_FREE);

 	/* Halt the DMA */
 	disable_dma(channel);