Re: [Qemu-devel] [PATCH] ppc405_uc: Fix buffer overflow

2012-09-20 Thread Alexander Graf
On 31.08.2012, at 22:21, Stefan Weil wrote: > Report from smatch: > > ppc405_uc.c:209 dcr_read_pob(12) error: buffer overflow 'pob->besr' 2 <= 2 > ppc405_uc.c:232 dcr_write_pob(12) error: buffer overflow 'pob->besr' 2 <= 2 > > The old code reads and writes besr[POB0_BESR1 - POB0_BESR0] or besr[

Re: [Qemu-devel] [PATCH] ppc405_uc: Fix buffer overflow

2012-08-31 Thread Stefan Weil
On 01.09.2012 08:23, Alexander Graf wrote: On 31.08.2012, at 22:45, Markus Armbruster wrote: Andreas Färber writes: static uint32_t dcr_read_pob (void *opaque, int dcrn) ... Reviewed-by: Andreas Färber We could alternatively leave besr[2] and access it with hardcoded 0..1. Min

Re: [Qemu-devel] [PATCH] ppc405_uc: Fix buffer overflow

2012-08-31 Thread Alexander Graf
On 31.08.2012, at 22:45, Markus Armbruster wrote: > Andreas Färber writes: > >> On 31.08.2012 22:21, Stefan Weil wrote: >>> Report from smatch: >>> >>> ppc405_uc.c:209 dcr_read_pob(12) error: buffer overflow 'pob->besr' 2 <= 2 >>> ppc405_uc.c:232 dcr_write_pob(12) error: buffer overflow 'p

Re: [Qemu-devel] [PATCH] ppc405_uc: Fix buffer overflow

2012-08-31 Thread Markus Armbruster
Andreas Färber writes: > On 31.08.2012 22:21, Stefan Weil wrote: >> Report from smatch: >> >> ppc405_uc.c:209 dcr_read_pob(12) error: buffer overflow 'pob->besr' 2 <= 2 >> ppc405_uc.c:232 dcr_write_pob(12) error: buffer overflow 'pob->besr' 2 <= 2 >> >> The old code reads and writes besr[POB0

Re: [Qemu-devel] [PATCH] ppc405_uc: Fix buffer overflow

2012-08-31 Thread Andreas Färber
On 31.08.2012 22:21, Stefan Weil wrote: > Report from smatch: > > ppc405_uc.c:209 dcr_read_pob(12) error: buffer overflow 'pob->besr' 2 <= 2 > ppc405_uc.c:232 dcr_write_pob(12) error: buffer overflow 'pob->besr' 2 <= 2 > > The old code reads and writes besr[POB0_BESR1 - POB0_BESR0] or besr[2] >

[Qemu-devel] [PATCH] ppc405_uc: Fix buffer overflow

2012-08-31 Thread Stefan Weil
Report from smatch: ppc405_uc.c:209 dcr_read_pob(12) error: buffer overflow 'pob->besr' 2 <= 2 ppc405_uc.c:232 dcr_write_pob(12) error: buffer overflow 'pob->besr' 2 <= 2 The old code reads and writes besr[POB0_BESR1 - POB0_BESR0] or besr[2] which is one too much. Signed-off-by: Stefan Weil ---