summaryrefslogtreecommitdiff
path: root/net/ipv6/reassembly.c
diff options
context:
space:
mode:
authorColin Ian King <colin.king@canonical.com>2017-01-31 16:30:02 +0000
committerDavid S. Miller <davem@davemloft.net>2017-01-31 12:25:32 -0500
commite9904990e8e70a51574e6ec6b872f3c705ec75f0 (patch)
treef09f227119e074b485f55a45c0cb6aa4460a4f21 /net/ipv6/reassembly.c
parent1bae6c99decf9137069646b593d3439171a8a8e2 (diff)
sfc: fix an off-by-one compare on an array size
encap_type should be checked to see if it is greater or equal to the size of array map to fix an off-by-one array size check. This fixes an array overrun read as detected by static analysis by CoverityScan, CID#1398883 ("Out-of-bounds-read") Fixes: 9b41080125176841e ("sfc: insert catch-all filters for encapsulated traffic") Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Edward Cree <ecree@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/reassembly.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-02-19 16:35:21 +0000
ly workaround on my own now after triggering the problem for the second time with no feedback. This is likely to be the same bug reported as https://bugs.freedesktop.org/show_bug.cgi?id=98829 https://bugs.freedesktop.org/show_bug.cgi?id=99134 which has a patch for the underlying problem, but it hasn't gotten to me, so I'm applying the workaround. ] Cc: Daniel Vetter <daniel.vetter@intel.com> Cc: Jani Nikula <jani.nikula@linux.intel.com> Cc: Ville Syrjälä <ville.syrjala@linux.intel.com> Cc: Chris Wilson <chris@chris-wilson.co.uk> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com> Cc: Imre Deak <imre.deak@intel.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/cifs/smberr.h')