Thanks Pete,

This is correct, the array should contain 3 elements. The bug was we were 
accessing a 4th element ([3]) which did not exist. We should be modifying the 
last element ([2]) instead.

-Scott

Hans-Peter Jansen wrote:

[from the nitpick department..]

Hi Jeff, hi Scott,

Adrian wrote:

quoted

The Coverity checker spotted the following two array overflows in 
drivers/net/chelsio/sge.c (in both cases, the arrays contain 3 
elements):

Am Freitag, 17. März 2006 01:21 schrieb Jeff Garzik:

quoted

Scott Bardone wrote:

quoted

Adrian,

This is a bug. The array should contain 2 elements.

Attached is a patch which fixes it.
Thanks.

Signed-off-by: Scott Bardone <redacted>

applied.  please avoid attachments and use a proper patch description
in the future.  I had to hand-edit and hand-apply your patch.

where you wrote in kernel tree commit 
347a444e687b5f8cf0f6485704db1c6024d3:
This is a bug. The array should contain 2 elements.  Here is the fix.

If I'm not completely off the track, you both committed a description 
off by one error: since the patch doesn't change the array size, it's 
presumely¹ still 3 elements, where index 2 references the last one.

Here's hopefully a better patch description:
Fixed off by one thinko in stats accounting, spotted by Coverity 
checker, notified by Adrian "The Cleanman" Bunk.

SCR,
Pete

¹) otherwise, it's still off by one..