Hello,

I have detected an array index out of bounds in file 3c523.c. I used the static code analysis tool cppcheck to find this issue. It prints the following output:

    [linux-2.6.30/drivers/net/3c523.c:1117]: (all) Array index out of bounds
    [linux-2.6.30/drivers/net/3c523.c:1104]: (all) Array index out of bounds

Take a look at the code (line 1104):

    printk("%s: X0: %04x N0: %04x N1: %04x %d\n", dev->name,
           (int) p->xmit_cmds[0]->cmd_status,
           (int) p->nop_cmds[0]->cmd_status,
           (int) p->nop_cmds[1]->cmd_status,
           (int) p->nop_point);

cppcheck mentions that "p->nop_cmds[1]->cmd_status" is wrong because the #define NUM_XMIT_BUFFS is set to 1 (see line 158).

Best regards
Ettl Martin

The same happens at:

    [linux-2.6.30/drivers/net/sun3_82586.c:994]: (all) Array index out of bounds
    [linux-2.6.30/drivers/net/sun3_82586.c:978]: (all) Array index out of bounds

Best regards
Martin

For 3c523.c, see where nop_cmds is defined:

    #if (NUM_XMIT_BUFFS == 1)
            volatile struct transmit_cmd_struct *xmit_cmds[2];
            volatile struct nop_cmd_struct *nop_cmds[2];
    #else
            volatile struct transmit_cmd_struct *xmit_cmds[NUM_XMIT_BUFFS];
            volatile struct nop_cmd_struct *nop_cmds[NUM_XMIT_BUFFS];
    #endif

so nop_cmds[1] is valid. I.e., this looks like a false positive to me.

Maybe cppcheck is just using the latter line:

    volatile struct nop_cmd_struct *nop_cmds[NUM_XMIT_BUFFS];

when it should not be.

sun3_82586.c appears to be a similar issue.
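
Added example, not part of the thread above and not the driver's own code: one way to settle this kind of finding is to let the compiler check the indices against the array size it sees after preprocessing. The struct name `priv`, the simplified command structs, `MEMBER_COUNT`, the `DEBUG_MAX_*` constants, `nop_cmds_count` and `nop_status` are assumptions made for illustration; only the `#if` declaration pattern and the indices come from the thread.

```c
#include <stddef.h>

/* Constructed stand-ins for the driver's command structures; only the
 * field read by the debug printk is modelled. */
struct transmit_cmd_struct { unsigned short cmd_status; };
struct nop_cmd_struct      { unsigned short cmd_status; };

#define NUM_XMIT_BUFFS 1    /* value cited in the report */

/* Hypothetical container using the declaration pattern quoted above. */
struct priv {
#if (NUM_XMIT_BUFFS == 1)
    volatile struct transmit_cmd_struct *xmit_cmds[2];
    volatile struct nop_cmd_struct *nop_cmds[2];
#else
    volatile struct transmit_cmd_struct *xmit_cmds[NUM_XMIT_BUFFS];
    volatile struct nop_cmd_struct *nop_cmds[NUM_XMIT_BUFFS];
#endif
    int nop_point;
};

/* Element count of an array member, taken from the type the compiler
 * sees for the active preprocessor branch (sizeof is not evaluated). */
#define MEMBER_COUNT(type, member) \
    (sizeof(((type *)0)->member) / sizeof(((type *)0)->member[0]))

/* Highest indices the debug printk in the report dereferences. */
#define DEBUG_MAX_XMIT_IDX 0
#define DEBUG_MAX_NOP_IDX  1

/* The build fails here if any configuration makes those indices invalid. */
_Static_assert(DEBUG_MAX_XMIT_IDX < MEMBER_COUNT(struct priv, xmit_cmds),
               "xmit_cmds index used by debug print is out of bounds");
_Static_assert(DEBUG_MAX_NOP_IDX < MEMBER_COUNT(struct priv, nop_cmds),
               "nop_cmds index used by debug print is out of bounds");

size_t nop_cmds_count(void) { return MEMBER_COUNT(struct priv, nop_cmds); }

/* Runtime form of the same check, for indices not known at compile time.
 * Returns 0 and stores the status, or -1 if the index or slot is invalid. */
int nop_status(const struct priv *p, size_t i, unsigned short *out)
{
    if (i >= MEMBER_COUNT(struct priv, nop_cmds) || !p->nop_cmds[i])
        return -1;
    *out = p->nop_cmds[i]->cmd_status;
    return 0;
}
```

Deleting the `#if (NUM_XMIT_BUFFS == 1)` branch from this sketch makes the second `_Static_assert` fail, which is the situation the cppcheck warning describes.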