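I think they're all currently harmless because of kmalloc & friends'
exuberant approach to padding: the undersized requests are rounded up to a
block that is still large enough. They are still bugs, since the code only
works as long as the allocator keeps padding that way.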
Dawson
drivers/sound/emu10k1/midi.c
drivers/telephony/ixj.c
---------------------------------------------------------
[BUG] should allocate sizeof *midihdr (the struct), not the size of a pointer to it
/u2/engler/mc/oses/linux/2.4.1/drivers/sound/emu10k1/midi.c:59:midiin_add_buffer: ERROR:SIZE-CHECK:59:59: midihdr = 'kmalloc'(4 bytes), need 32
static int midiin_add_buffer(struct emu10k1_mididevice *midi_dev, struct midi_hd
r **midihdrptr)
{
struct midi_hdr *midihdr;
Error --->
if ((midihdr = (struct midi_hdr *) kmalloc(sizeof(struct midi_hdr *), GF
P_KERNEL)) == NULL) {
ERROR();
return -EINVAL;
}
---------------------------------------------------------
[BUG] same: allocates the size of a pointer, should allocate sizeof *midihdr
/u2/engler/mc/oses/linux/2.4.1/drivers/sound/emu10k1/midi.c:331:emu10k1_midi_write: ERROR:SIZE-CHECK:331:331: midihdr = 'kmalloc'(4 bytes), need 32
struct midi_hdr *midihdr;
ssize_t ret = 0;
unsigned long flags;
DPD(4, "emu10k1_midi_write(), count=%x\n", (u32) count);
if (pos != &file->f_pos)
return -ESPIPE;
if (!access_ok(VERIFY_READ, buffer, count))
return -EFAULT;
Error --->
if ((midihdr = (struct midi_hdr *) kmalloc(sizeof(struct midi_hdr *), GF
P_KERNEL)) == NULL)
return -EINVAL;
---------------------------------------------------------
[BUG] the kmalloc should use sizeof(IXJ_FILTER_CADENCE), as the copy_from_user does; as written, the copy is larger than the size requested from kmalloc
/u2/engler/mc/oses/linux/2.4.1/drivers/telephony/ixj.c:4511:ixj_build_filter_cadence: ERROR:SIZE-CHECK:4511:4511: lcp = 'kmalloc'(12 bytes), need 32
... DELETED 7 lines ...
IXJ_FILTER_CADENCE *lcp;
IXJ *j = &ixj[board];
Error --->
lcp = kmalloc(sizeof(IXJ_CADENCE), GFP_KERNEL);
if (lcp == NULL)
return -ENOMEM;
if (copy_from_user(lcp, (char *) cp, sizeof(IXJ_FILTER_CADENCE)))
return -EFAULT;
----------------------------------------