Subject: kern/3251: Array bounds violation and pasto in dev/isapnp/isapnp.c
To: None <gnats-bugs@gnats.netbsd.org>
From: Christoph Badura <bad@klicman.de>
List: netbsd-bugs
Date: 02/24/1997 22:09:28
>Number:         3251
>Category:       kern
>Synopsis:       sc->sc_id[][] has only 9 elements + should assign csum.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Feb 24 13:20:01 1997
>Last-Modified:
>Originator:     Christoph Badura
>Organization:
	
>Release:        1997-02-22
>Environment:
	
System: NetBSD klic3.klicman.de 1.2C NetBSD 1.2C (KLIC) #28: Sat Feb 22 20:14:50 MET 1997 bad@klic3.klicman.de:/usr/src/sys/arch/i386/compile/KLIC i386


>Description:
	
The code that reads the checksum in isapnp_findcard() accesses the
tenth element in sc->sc_id[sc->sc_ncards][] but that array has only nine
elements.  Also, the code is supposed to assign csum instead of w.

>How-To-Repeat:
	
By code inspection.

>Fix:
	
Patch sys/dev/isapnp/isapnp.c as follows:

Index: isapnp.c
===================================================================
RCS file: /u2/src.master/netbsd/src/sys/dev/isapnp/isapnp.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 isapnp.c
--- isapnp.c	1997/02/11 23:40:52	1.1.1.2
+++ isapnp.c	1997/02/24 20:54:42
@@ -163,7 +163,7 @@
 
 		csum >>= 1;
 		csum |= neg;
-		sc->sc_id[sc->sc_ncards][9] = w;
+		sc->sc_id[sc->sc_ncards][8] = csum;
 	}
 
 	if (csum == v) {
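Review bot: the literal index 8 in "sc->sc_id[sc->sc_ncards][8] = csum;" is still a magic number tied to the nine-element array the report describes. Derive it from the array dimension, or from a named constant shared with the declaration of sc_id, so this store cannot go out of bounds again if the size changes. The first index, sc->sc_ncards, has no bound check visible in this hunk, so confirm it is limited to the number of rows in sc_id before this line is reached. The store also sits inside the block closed by the following "}", next to the per-step "csum >>= 1; csum |= neg;" update. If only the final checksum value is meant to be recorded, moving the assignment after that block would make the intent clearer.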
>Audit-Trail:
>Unformatted: