"data" is a void pointer and "args" is "data" after we have casted it to a struct. We care about the sizeof the struct here. Btw, sizeof(*data) is 1.
Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
diff --git a/drivers/gpu/drm/nouveau/core/engine/disp/nv50.c b/drivers/gpu/drm/nouveau/core/engine/disp/nv50.c index ca1a7d7..eb9c489 100644 --- a/drivers/gpu/drm/nouveau/core/engine/disp/nv50.c +++ b/drivers/gpu/drm/nouveau/core/engine/disp/nv50.c @@ -335,7 +335,7 @@ nv50_disp_sync_ctor(struct nouveau_object *parent, struct nv50_disp_dmac *dmac; int ret;
- if (size < sizeof(*data) || args->head > 1) + if (size < sizeof(*args) || args->head > 1) return -EINVAL;
ret = nv50_disp_dmac_create_(parent, engine, oclass, args->pushbuf, @@ -374,7 +374,7 @@ nv50_disp_ovly_ctor(struct nouveau_object *parent, struct nv50_disp_dmac *dmac; int ret;
- if (size < sizeof(*data) || args->head > 1) + if (size < sizeof(*args) || args->head > 1) return -EINVAL;
ret = nv50_disp_dmac_create_(parent, engine, oclass, args->pushbuf, diff --git a/drivers/gpu/drm/nouveau/core/engine/disp/nvd0.c b/drivers/gpu/drm/nouveau/core/engine/disp/nvd0.c index 9e38ebf..f28725a 100644 --- a/drivers/gpu/drm/nouveau/core/engine/disp/nvd0.c +++ b/drivers/gpu/drm/nouveau/core/engine/disp/nvd0.c @@ -230,7 +230,7 @@ nvd0_disp_sync_ctor(struct nouveau_object *parent, struct nv50_disp_dmac *dmac; int ret;
- if (size < sizeof(*data) || args->head >= priv->head.nr) + if (size < sizeof(*args) || args->head >= priv->head.nr) return -EINVAL;
ret = nv50_disp_dmac_create_(parent, engine, oclass, args->pushbuf, @@ -270,7 +270,7 @@ nvd0_disp_ovly_ctor(struct nouveau_object *parent, struct nv50_disp_dmac *dmac; int ret;
- if (size < sizeof(*data) || args->head >= priv->head.nr) + if (size < sizeof(*args) || args->head >= priv->head.nr) return -EINVAL;
ret = nv50_disp_dmac_create_(parent, engine, oclass, args->pushbuf,
Dear Dan,
Am Dienstag, den 22.01.2013, 10:20 +0300 schrieb Dan Carpenter:
"data" is a void pointer and "args" is "data" after we have casted it to a struct. We care about the sizeof the struct here. Btw, sizeof(*data)
s,sizeof the,size of the,
is 1.
Did you find this by manual inspection or did you use some tool?
Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
[…]
With the typo fixed above,
Acked-by: Paul Menzel paulepanter@users.sourceforge.net
Thanks,
Paul
"data" is a void pointer and "args" is "data" after we have casted it to a struct. We care about the size of the struct here. Btw, sizeof(*data) is 1.
Signed-off-by: Dan Carpenter dan.carpenter@oracle.com --- v2: tweaked the commit message
diff --git a/drivers/gpu/drm/nouveau/core/engine/disp/nv50.c b/drivers/gpu/drm/nouveau/core/engine/disp/nv50.c index ca1a7d7..eb9c489 100644 --- a/drivers/gpu/drm/nouveau/core/engine/disp/nv50.c +++ b/drivers/gpu/drm/nouveau/core/engine/disp/nv50.c @@ -335,7 +335,7 @@ nv50_disp_sync_ctor(struct nouveau_object *parent, struct nv50_disp_dmac *dmac; int ret;
- if (size < sizeof(*data) || args->head > 1) + if (size < sizeof(*args) || args->head > 1) return -EINVAL;
ret = nv50_disp_dmac_create_(parent, engine, oclass, args->pushbuf, @@ -374,7 +374,7 @@ nv50_disp_ovly_ctor(struct nouveau_object *parent, struct nv50_disp_dmac *dmac; int ret;
- if (size < sizeof(*data) || args->head > 1) + if (size < sizeof(*args) || args->head > 1) return -EINVAL;
ret = nv50_disp_dmac_create_(parent, engine, oclass, args->pushbuf, diff --git a/drivers/gpu/drm/nouveau/core/engine/disp/nvd0.c b/drivers/gpu/drm/nouveau/core/engine/disp/nvd0.c index 9e38ebf..f28725a 100644 --- a/drivers/gpu/drm/nouveau/core/engine/disp/nvd0.c +++ b/drivers/gpu/drm/nouveau/core/engine/disp/nvd0.c @@ -230,7 +230,7 @@ nvd0_disp_sync_ctor(struct nouveau_object *parent, struct nv50_disp_dmac *dmac; int ret;
- if (size < sizeof(*data) || args->head >= priv->head.nr) + if (size < sizeof(*args) || args->head >= priv->head.nr) return -EINVAL;
ret = nv50_disp_dmac_create_(parent, engine, oclass, args->pushbuf, @@ -270,7 +270,7 @@ nvd0_disp_ovly_ctor(struct nouveau_object *parent, struct nv50_disp_dmac *dmac; int ret;
- if (size < sizeof(*data) || args->head >= priv->head.nr) + if (size < sizeof(*args) || args->head >= priv->head.nr) return -EINVAL;
ret = nv50_disp_dmac_create_(parent, engine, oclass, args->pushbuf,
On Tue, Jan 22, 2013 at 10:42:25AM +0100, Paul Menzel wrote:
Did you find this by manual inspection or did you use some tool?
I found this because it caused a problem in a parser I was working on but Sparse warns about "warning: expression using sizeof(void)".
It's sort of hard to run Sparse on nouveau because you can't build the individual .o files.
$ kchecker --sparse drivers/gpu/drm/nouveau/core/engine/disp/nv50.c make[1]: Nothing to be done for `all'. make[1]: Nothing to be done for `relocs'. CHK include/generated/uapi/linux/version.h CHK include/generated/utsrelease.h CALL scripts/checksyscalls.sh <stdin>:1223:2: warning: #warning syscall finit_module not implemented [-Wcpp] scripts/Makefile.build:44: /home/dcarpenter/progs/kernel/devel/drivers/gpu/drm/nouveau/core/engine/disp/Makefile: No such file or directory make[1]: *** No rule to make target `/home/dcarpenter/progs/kernel/devel/drivers/gpu/drm/nouveau/core/engine/disp/Makefile'. Stop. make: *** [drivers/gpu/drm/nouveau/core/engine/disp/nv50.o] Error 2
regards, dan carpenter
On Mit, 2013-01-23 at 11:38 +0300, Dan Carpenter wrote:
On Tue, Jan 22, 2013 at 10:42:25AM +0100, Paul Menzel wrote:
Did you find this by manual inspection or did you use some tool?
I found this because it caused a problem in a parser I was working on but Sparse warns about "warning: expression using sizeof(void)".
gcc's -Wpointer-arith option also reports this. Never tried it on the kernel though .....
Bernd
dri-devel@lists.freedesktop.org
-
Bernd Petrovitsch -
Dan Carpenter -
Paul Menzel