Piteball/android_kernel_samsung_msm8976
1
1
Fork 0
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git synced 2024-09-21 11:53:01 +00:00
Code Issues Projects Releases Wiki Activity

[PATCH] Overrun in isdn_tty.c

Browse source 
This fixes coverity bug id #1237.  After the while loop, it is possible for
i == ISDN_LMSNLEN.  If this happens the terminating '\0' is written after
the end of the array.

Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Eric Sesterhenn 2006-05-20 15:00:12 -07:00 committed by Linus Torvalds
parent 92d1dbd274
commit a6a61c5494
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
drivers/isdn/i4l/isdn_tty.c
View file

@ -2880,7 +2880,7 @@ isdn_tty_cmd_ATand(char **p, modem_info * info)
p[0]++;
i = 0;
while (*p[0] && (strchr("0123456789,-*[]?;", *p[0])) &&
(i < ISDN_LMSNLEN))
(i < ISDN_LMSNLEN - 1))
m->lmsn[i++] = *p[0]++;
m->lmsn[i] = '\0';
break;