[patch 1/2] [SCSI] bfa: off by one in bfa_ioc_mbox_isr()

From: Dan Carpenter
Date: Wed Jul 06 2011 - 03:37:45 EST

Next message: Dan Carpenter: "[patch 2/2] [SCSI] bfa: test is always false in bfa_sfp_media_get()"
Previous message: Prashant P. Shah: "[PATCH] Staging: msm: fixed style issues found by checkpatch.pl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If mc == BFI_MC_MAX then we're reading past the end of the
mod->mbhdlr[] array.

Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>

diff --git a/drivers/scsi/bfa/bfa_ioc.c b/drivers/scsi/bfa/bfa_ioc.c
index d6c2bf3..052373b 100644
--- a/drivers/scsi/bfa/bfa_ioc.c
+++ b/drivers/scsi/bfa/bfa_ioc.c
@@ -2378,7 +2378,7 @@ bfa_ioc_mbox_isr(struct bfa_ioc_s *ioc)
return;
}

- if ((mc > BFI_MC_MAX) || (mod->mbhdlr[mc].cbfn == NULL))
+ if ((mc >= BFI_MC_MAX) || (mod->mbhdlr[mc].cbfn == NULL))
return;

mod->mbhdlr[mc].cbfn(mod->mbhdlr[mc].cbarg, &m);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dan Carpenter: "[patch 2/2] [SCSI] bfa: test is always false in bfa_sfp_media_get()"
Previous message: Prashant P. Shah: "[PATCH] Staging: msm: fixed style issues found by checkpatch.pl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]