From: "Jayachandran C." While looking to the report by Coverity in ipmi, I came across the following issue: The IPMI message handler relies on two defines which are the same -one in include/linux/ipmi.h #define IPMI_NUM_CHANNELS 0x10 and one in drivers/char/ipmi/ipmi_msghandler. #define IPMI_MAX_CHANNELS 16 These are used interchangeably in ipmi_msghandler.c, but since the array addr->channels[] is of size IPMI_MAX_CHANNELS, I have made a patch that uses IPMI_MAX_CHANNELS for all the checks for the array index. NOTE: You could probably remove the line that defines IPMI_NUM_CHANNELS from ipmi.h, or move IPMI_MAX_CHANNELS to ipmi.h Signed-off-by: Jayachandran C. Cc: Corey Minyard Signed-off-by: Andrew Morton --- drivers/char/ipmi/ipmi_msghandler.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff -puN drivers/char/ipmi/ipmi_msghandler.c~ipmi-fix-issues-reported-by-coverity-in-ipmi_msghandlerc drivers/char/ipmi/ipmi_msghandler.c --- devel/drivers/char/ipmi/ipmi_msghandler.c~ipmi-fix-issues-reported-by-coverity-in-ipmi_msghandlerc 2005-12-22 05:09:44.000000000 -0800 +++ devel-akpm/drivers/char/ipmi/ipmi_msghandler.c 2005-12-22 05:09:44.000000000 -0800 @@ -481,7 +481,7 @@ int ipmi_validate_addr(struct ipmi_addr } if ((addr->channel == IPMI_BMC_CHANNEL) - || (addr->channel >= IPMI_NUM_CHANNELS) + || (addr->channel >= IPMI_MAX_CHANNELS) || (addr->channel < 0)) return -EINVAL; @@ -1321,7 +1321,7 @@ static int i_ipmi_request(ipmi_user_t unsigned char ipmb_seq; long seqid; - if (addr->channel >= IPMI_NUM_CHANNELS) { + if (addr->channel >= IPMI_MAX_CHANNELS) { spin_lock_irqsave(&intf->counter_lock, flags); intf->sent_invalid_commands++; spin_unlock_irqrestore(&intf->counter_lock, flags); _