Constant is used to allocate memory for a buffer, then buffer is
filled up to 'size' which is passed as a parameter. If 'size' is bigger
than the constant then the buffer will overflow. Function has internal
linkage so this can only happen due to programmer error. BUG_ON() is
designed for catching these cases. Currently there is only one call
site and it is correct; adding BUG_ON() will potentially save
developer time if later changes to the code are incorrect.

Use BUG_ON() to guard buffer write size in function with internal linkage.

Signed-off-by: Tobin C. Harding <m...@tobin.cc>
---
 drivers/staging/ks7010/ks7010_sdio.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/staging/ks7010/ks7010_sdio.c 
b/drivers/staging/ks7010/ks7010_sdio.c
index 3403edd..06f25a7 100644
--- a/drivers/staging/ks7010/ks7010_sdio.c
+++ b/drivers/staging/ks7010/ks7010_sdio.c
@@ -683,6 +683,8 @@ static int ks7010_sdio_data_compare(struct ks_wlan_private 
*priv, u32 address,
        int ret;
        unsigned char *read_buf;
 
+       BUG_ON(size > ROM_BUFF_SIZE);
+
        read_buf = kmalloc(ROM_BUFF_SIZE, GFP_KERNEL);
        if (!read_buf)
                return -ENOMEM;
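Review bot: The BUG_ON(size > ROM_BUFF_SIZE) placed ahead of the kmalloc() brings the whole kernel down for a condition this function can reject on its own. ks7010_sdio_data_compare() returns int and already has an error return (-ENOMEM) a few lines later, so an oversized 'size' could be refused with an error code instead, keeping the programmer error visible through a warning: `if (WARN_ON(size > ROM_BUFF_SIZE)) return -EINVAL;`. Since the check sits before the allocation, the early return needs no cleanup. A short comment saying that read_buf is allocated with ROM_BUFF_SIZE bytes and later filled with 'size' bytes would also make the reason for the bound obvious to the next reader.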
-- 
2.7.4
