Searched hist:a66998e0fbf213d47d02813b9679426129d0d114 (Results 1 – 1 of 1) sorted by relevance
| /openbmc/linux/drivers/net/ethernet/hisilicon/hns/ |
| H A D | hns_dsaf_misc.c | diff a66998e0fbf213d47d02813b9679426129d0d114 Tue Nov 16 21:44:53 CST 2021 Teng Qi <starmiku1207184332@gmail.com> ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
The if statement:
if (port >= DSAF_GE_NUM)
return;
limits the value of port less than DSAF_GE_NUM (i.e., 8).
However, if the value of port is 6 or 7, an array overflow could occur:
port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off;
because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6).
To fix this possible array overflow, we first check port and if it is
greater than or equal to DSAF_MAX_PORT_NUM, the function returns.
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Teng Qi <starmiku1207184332@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|