While working on the Calxeda cxoem extension, I was reviewing the get_lan_param_select() code in lib/ipmi_lanp.c and I found a bug in the ipmi_lan_params[] array index:
    for (i = 0; ipmi_lan_params[i].cmd != (-1); i++) {
        if (ipmi_lan_params[i].cmd == param) {
            p = &ipmi_lan_params[param];
            break;
        }
    }
The 3rd line should use i for the array index, not param:
The param value matches the cmd in the lan_param struct, but it's not the same as the ipmi_lan_params[] array index. Here is an example of what I mean. This problem becomes apparent with the OEM extensions which use values 192+.
Setting a breakpoint on the get_lan_param_select() function:
    $ gdb ./ipmitool
    (gdb) b get_lan_param_select
    (gdb) run -H hostname -U user -P password lan print 1
    (gdb) p ipmi_lan_params[28]
    $1 = {cmd = 193, size = 4,
      desc = "TFTP Server IP\000\000\000\000\000\000\000\000\000", data = 0x0,
      data_len = 0}
    (gdb) p sizeof(ipmi_lan_params) / sizeof(*ipmi_lan_params)
    $2 = 40
As you can see, entry 28 in the array has a cmd value of 193.
So, if ipmi_lan_params[i].cmd == param == 193 then
    p = &ipmi_lan_params[param];
becomes
    p = &ipmi_lan_params[193];
which is a bug because the array only has 40 entries.
Thus, the line should be
    p = &ipmi_lan_params[i];
Committed to CVS.
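
The corrected lookup as a stand-alone C program, added here as an illustration and not taken from ipmitool. The table sample_params, the names find_lan_param and param_is_valid_index, and every entry other than cmd 193 are constructed for the example; it shows both failure modes of indexing by param (out of bounds for 193, wrong entry for a small value such as 3).

```c
#include <stddef.h>
#include <stdio.h>

/* Reduced version of the struct seen in the gdb output (cmd, size, desc). */
struct lan_param {
    int cmd;
    int size;
    char desc[24];
};

/* Constructed sample table, NOT ipmitool's real one: cmd values are
 * sparse, so a cmd is not a valid index. Terminated by cmd == -1. */
static struct lan_param sample_params[] = {
    { 0,   1, "Set in Progress" },
    { 3,   4, "IP Address" },
    { 12,  4, "Default Gateway IP" },
    { 193, 4, "TFTP Server IP" },
    { -1, -1, "" }
};

#define N_PARAMS (sizeof(sample_params) / sizeof(sample_params[0]))

/* Corrected lookup: return the entry at the loop index i, never [param]. */
static struct lan_param *find_lan_param(int param)
{
    size_t i;
    for (i = 0; sample_params[i].cmd != -1; i++) {
        if (sample_params[i].cmd == param)
            return &sample_params[i];
    }
    return NULL; /* unknown parameter: caller must check */
}

/* Would &table[param] stay inside the table? Checked without indexing. */
static int param_is_valid_index(int param)
{
    return param >= 0 && (size_t)param < N_PARAMS - 1; /* exclude sentinel */
}

int main(void)
{
    struct lan_param *p = find_lan_param(193);
    printf("lookup(193) -> %s\n", p ? p->desc : "(none)");
    printf("193 usable as index: %d\n", param_is_valid_index(193));
    /* cmd 3 is in bounds as an index but names a different entry. */
    printf("index 3 holds cmd %d\n", sample_params[3].cmd);
    return 0;
}
```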