• J
    drivers/net/smsc911x.c: Fix resource size off by 1 error · 39424539
    Julia Lawall 提交于
    The call resource_size(res) returns res->end - res->start + 1 and thus the
    second change is semantics-preserving.  res_size is then used as the second
    argument of a call to request_mem_region, and the memory allocated by this
    call appears to be the same as what is released in the two calls to
    release_mem_region.  So the size argument for those calls should be
    resource_size(size) as well.  Alternatively, in the second call to
    release_mem_region, the second argument could be res_size, as that variable
    has already been initialized at the point of this call.
    
    The problem was found using the following semantic patch:
    (http://www.emn.fr/x-info/coccinelle/)
    
    // <smpl>
    @@
    struct resource *res;
    @@
    
    - (res->end - res->start) + 1
    + resource_size(res)
    
    @@
    struct resource *res;
    @@
    
    - res->end - res->start
    + BAD(resource_size(res))
    // </smpl>
    Signed-off-by: NJulia Lawall <julia@diku.dk>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    39424539
smsc911x.c 57.7 KB