Date: Tue, 10 May 2016 00:44:02 +0200
From: Samuel Thibault
To: Colin King
Cc: William Hubbs, Chris Brannon, Kirk Reiser, Greg Kroah-Hartman, Amitoj Kaur Chawla, speakup@linux-speakup.org, devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] staging: speakup: ensure we do not overrun synths array
Message-ID: <20160509224402.GV3473@var.home>
References: <1462832534-11128-1-git-send-email-colin.king@canonical.com>
In-Reply-To: <1462832534-11128-1-git-send-email-colin.king@canonical.com>

Colin King, on Mon 09 May 2016 23:22:14 +0100, wrote:
> From: Colin Ian King
>
> synth_add allows one to add MAXSYNTHS synths to the synths array;
> however it always NULLifies the next synth in the array which
> means that on the MAXSYNTHS synth we get an out-of-bounds write of
> the NULL to the synths array. Make the synths array MAXSYNTHS + 1
> elements in size to allow for the final NULL sentinel to avoid the
> out-of-bounds write.
>
> Issue found with CoverityScan, CID#744671
>
> Signed-off-by: Colin Ian King

Reviewed-by: Samuel Thibault

> ---
> drivers/staging/speakup/synth.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/speakup/synth.c b/drivers/staging/speakup/synth.c > index 4f462c3..810a214 100644 > --- a/drivers/staging/speakup/synth.c 
> +++ b/drivers/staging/speakup/synth.c > @@ -18,7 +18,7 @@ > #include "serialio.h" > > #define MAXSYNTHS 16 /* Max number of synths in array. */ > -static struct spk_synth *synths[MAXSYNTHS]; > +static struct spk_synth *synths[MAXSYNTHS + 1]; > struct spk_synth *synth; > char spk_pitch_buff[32] = ""; > static int module_status; > -- > 2.8.1 > -- Samuel Actually, typing random strings in the Finder does the equivalent of filename completion. (Discussion in comp.os.linux.misc on the intuitiveness of commands: file completion vs. the Mac Finder.)
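
Review bot: the new declaration `static struct spk_synth *synths[MAXSYNTHS + 1];` carries no comment saying that the extra element is the NULL sentinel, while the comment on `#define MAXSYNTHS 16` still reads "Max number of synths in array", so a later cleanup could shrink the array back to MAXSYNTHS and reintroduce the out-of-bounds write. A one-line comment on the declaration (for example, that the last slot is reserved for the terminating NULL) would document the invariant. The fix also depends on synth_add refusing to add more than MAXSYNTHS entries; that check is not visible in this hunk, so it is worth confirming that it compares against MAXSYNTHS and not against the array's new size, since a bound derived from the array size would write the NULL at index MAXSYNTHS + 1.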