Wrong boundary check on zs.c driver

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Wrong boundary check on zs.c driver

Jan Engelhardt
Hello,



whilst editing through the OpenBSD 3.8 kernel source*, I found an anomaly
in the code of arch/mvme68k/dev/zs.c, in function zsclose():

    if(zsunit(dev) > zs_cd.cd_ndevs ||
        (sc = (struct zssoftc *) zs_cd.cd_devs[zsunit(dev)]) ==

Most other drivers, such as arch/mvme68k/dev/wl.c (wlclose()) instead have:

    if(unit >= wl_cd.cd_ndevs ||
        (sc = (struct wlsoftc *) wl_cd.cd_devs[unit]) == NULL) {

I.e. ">=" instead of ">". I doubt the ">" in zs.c is correct, but I cannot
test it as I neither have the architecture nor hardware.


    * ftp://ftp.de.openbsd.org/unix/OpenBSD/3.8/sys.tar.gz
    sys.tar.gz . . . . . Sep 17 01:27  16.1M


Jan Engelhardt
--
| Alphagate Systems, http://alphagate.hopto.org/
| jengelh's site, http://jengelh.hopto.org/