In ide/legacy/qd65xx.c:272 there's a call where max_mode is 255. Right
before the piece of code that the checker warns about is the segment:

	if (pio_mode > max_mode) {
		pio_mode = max_mode;
		cycle_time = 0;
	}

Now, it may be that pio_mode can never be >= 255 in this scenario. But if
it can be, then this sets pio_mode to 255.
> > [BUG] [GEM] The caller is probably at fault: look at the call chain.
> > /u1/acc/linux/2.5.48/drivers/video/fbgen.c:180:do_install_cmap: ERROR:BUFFER:180:180:Array bounds error: fb_display[63] indexed with [-1] [Callstack: /u1/acc/linux/2.5.48/drivers/video/aty128fb.c:1746:aty128fb_set_var(_, -1, _) -> /u1/acc/linux/2.5.48/drivers/video/aty128fb.c:1406:do_install_cmap(-1, _)]
> >
> > void do_install_cmap(int con, struct fb_info *info)
> > {
> > 	if (con != info->currcon)
> > 		return;
>
> currcon can never be -1. I don't think the compiler can ever deduce that
> detail though.
Then there's some odd code, such as in fbgen.c:gen_switch():

	if (info->currcon >= 0) {
		...
	}
	info->currcon = con;

-Andy
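
The guard discussed in this message, modelled outside the kernel as an added example (not code from the thread or from fbgen.c): it shows that `con != info->currcon` only keeps the index in range while currcon itself is non-negative, and what a local range check changes. The `_model` names, the checked variant and its return codes are assumptions made for illustration; the size 63 is taken from the checker report.

```c
#include <stdio.h>

#define NR_DISPLAYS 63	/* fb_display[63] in the checker report */

/* Simplified stand-ins for the kernel objects (assumed, not kernel code). */
struct fb_info_model { int currcon; };
static int fb_display_model[NR_DISPLAYS];

/*
 * Guard as quoted in the thread. Returns 1 when control would reach the
 * fb_display[con] access, 0 when the early return is taken. The array is
 * deliberately not touched so the model never goes out of bounds.
 */
static int reaches_index_unchecked(int con, const struct fb_info_model *info)
{
	if (con != info->currcon)
		return 0;
	return 1;
}

/*
 * Same guard with the range made explicit, so the safety of the index no
 * longer depends on an invariant kept elsewhere. Returns -1 when con is
 * rejected, 0 on the early return, 1 when the entry was written.
 */
static int install_cmap_checked(int con, const struct fb_info_model *info)
{
	if (con < 0 || con >= NR_DISPLAYS)
		return -1;
	if (con != info->currcon)
		return 0;
	fb_display_model[con] = 1;
	return 1;
}

int main(void)
{
	/* Hypothetical state: currcon not yet set to a real console. */
	struct fb_info_model unset = { .currcon = -1 };
	struct fb_info_model live = { .currcon = 3 };

	printf("unchecked, con=-1, currcon=-1: %d\n",
	       reaches_index_unchecked(-1, &unset));
	printf("checked,   con=-1, currcon=-1: %d\n",
	       install_cmap_checked(-1, &unset));
	printf("checked,   con=3,  currcon=3:  %d\n",
	       install_cmap_checked(3, &live));
	return 0;
}
```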