summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoel Kluin <roel.kluin@gmail.com>2010-08-10 18:01:10 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2010-08-11 08:58:59 -0700
commitef3f7cc41280e9611a837df1fedf3f6d4d921a75 (patch)
tree63df51b25c2d8e3fb584cbfbe49cb0bdcbd07895
parent13bcbc008790b05413c9a16763b423c206528c0a (diff)
downloadlinux-ef3f7cc41280e9611a837df1fedf3f6d4d921a75.tar.bz2
osst: fix read buffer overflow
Check whether index is within bounds before testing the element. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Cc: Willem Riede <osst@riede.org> Cc: James E.J. Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--drivers/scsi/osst.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/scsi/osst.c b/drivers/scsi/osst.c
index d64b7178fa08..278b352ae78d 100644
--- a/drivers/scsi/osst.c
+++ b/drivers/scsi/osst.c
@@ -5868,7 +5868,8 @@ static int osst_probe(struct device *dev)
}
/* find a free minor number */
- for (i=0; os_scsi_tapes[i] && i<osst_max_dev; i++);
+ for (i = 0; i < osst_max_dev && os_scsi_tapes[i]; i++)
+ ;
if(i >= osst_max_dev) panic ("Scsi_devices corrupt (osst)");
dev_num = i;