From d8f7bfb8bd764e27430d24d8917ecb388dbaff9c Mon Sep 17 00:00:00 2001 From: Xin LI Date: Thu, 14 Nov 2013 18:53:17 +0000 Subject: [PATCH] The previous code makes a memory allocation in size of struct mbx_common_read_write_flashrom plus 32KB and caps the actual transfer size at 32KB. This is harmless as it is but may confuse static code analyzer, so allocate a full 32KB instead. Reported by: Coverity via mjacob Submitted by: Venkata Duvvuru Coverity CID: 1125820 --- sys/dev/oce/oce_hw.h | 3 ++- sys/dev/oce/oce_sysctl.c | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/sys/dev/oce/oce_hw.h b/sys/dev/oce/oce_hw.h index 4cdbea34aa00..9f1a92a37e94 100644 --- a/sys/dev/oce/oce_hw.h +++ b/sys/dev/oce/oce_hw.h @@ -1577,7 +1577,8 @@ struct mbx_common_read_write_flashrom { uint32_t flash_op_type; uint32_t data_buffer_size; uint32_t data_offset; - uint8_t data_buffer[4]; /* + IMAGE_TRANSFER_SIZE */ + uint8_t data_buffer[32768]; /* + IMAGE_TRANSFER_SIZE */ + uint8_t rsvd[4]; }; struct oce_phy_info { diff --git a/sys/dev/oce/oce_sysctl.c b/sys/dev/oce/oce_sysctl.c index 1155c699e1dd..cbb51f1429ed 100644 --- a/sys/dev/oce/oce_sysctl.c +++ b/sys/dev/oce/oce_sysctl.c @@ -381,8 +381,8 @@ oce_sh_be3_flashdata(POCE_SOFTC sc, const struct firmware *fw, int32_t num_imgs) return EINVAL; } - rc = oce_dma_alloc(sc, sizeof(struct mbx_common_read_write_flashrom) - + 32*1024, &dma_mem, 0); + rc = oce_dma_alloc(sc, sizeof(struct mbx_common_read_write_flashrom), + &dma_mem, 0); if (rc) { device_printf(sc->dev, "Memory allocation failure while flashing\n");