Re: [patch] nvme: lightnvm: buffer overflow in nvme_nvm_identity()

From: Matias BjÃrling
Date: Tue Jan 26 2016 - 04:57:08 EST

Next message: Juri Lelli: "Re: [PATCH] cpufreq: Fix NULL reference crash while accessing policy->governor_data"
Previous message: Dmitry Vyukov: "net/rfkill: WARNING in rfkill_fop_read"
In reply to: Dan Carpenter: "[patch] nvme: lightnvm: buffer overflow in nvme_nvm_identity()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/26/2016 10:27 AM, Dan Carpenter wrote:
> nvme_nvm_id->ppaf is 4 bytes larger than nvm_id->ppaf. We're using the
> larger size struct for the sizeof() so we end up corrupting the
> first four bytes of nvm_id->groups[]. It doesn't look like we actually
> want to copy those last bytes anyway.
>

Thanks, Dan. You are right. The four bytes are overwritten afterwards
and hid the issue.

Next message: Juri Lelli: "Re: [PATCH] cpufreq: Fix NULL reference crash while accessing policy->governor_data"
Previous message: Dmitry Vyukov: "net/rfkill: WARNING in rfkill_fop_read"
In reply to: Dan Carpenter: "[patch] nvme: lightnvm: buffer overflow in nvme_nvm_identity()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]