Subject: port-i386/177: number of ports in com.c has an off-by-one error
To: None <gnats-admin>
From: Brian de Alwis <bsdealwi@undergrad.math.uwaterloo.ca>
List: netbsd-bugs
Date: 03/24/1994 20:05:01
>Number: 177
>Category: port-i386
>Synopsis: number of ports in com.c has an off-by-one error
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: gnats-admin (GNATS administrator)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Mar 24 20:05:01 1994
>Originator: bsdealwi@undergrad.math.uwaterloo.ca
>Organization:
" unorganized"
>Release: -current to 19th March
>Environment:
i386-33MHz, i387, for NetBSD/i386
System: NetBSD portia 0.9a PORTIA#4 i386
>Description:
comopen() checks that the serial unit being accessed is a
valid number by comparing `unit > NCOM'. `unit' is 0-relative,
while `NCOM' is 1-relative. Thus the test should be `>='.
>How-To-Repeat:
(x = # configured com-ports. I have 2, so x = 2)
mknod /dev/test c 8 x
cat /dev/test
(kernel will panic)
>Fix:
*** /sys/arch/i386/isa/com.c Thu Mar 24 20:59:27 1994
--- com.c Thu Mar 24 22:08:23 1994
***************
*** 253,259 ****
int s;
int error = 0;
! if (unit > NCOM)
return ENXIO;
sc = &com_softc[unit];
if (!sc->sc_iobase)
--- 253,259 ----
int s;
int error = 0;
! if (unit >= NCOM)
return ENXIO;
sc = &com_softc[unit];
if (!sc->sc_iobase)
>Audit-Trail:
>Unformatted:
------------------------------------------------------------------------------