lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1454690128-21994-7-git-send-email-alexander.shishkin@linux.intel.com>
Date:	Fri,  5 Feb 2016 18:35:15 +0200
From:	Alexander Shishkin <alexander.shishkin@...ux.intel.com>
To:	Greg KH <greg@...ah.com>
Cc:	Mathieu Poirier <mathieu.poirier@...aro.org>,
	Chunyan Zhang <zhang.chunyan@...aro.org>,
	laurent.fert@...el.com, yann.fouassier@...el.com,
	linux-kernel@...r.kernel.org,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>
Subject: [QUEUED v0 06/19] stm class: Fix an off-by-one in master array allocation

From: Chunyan Zhang <zhang.chunyan@...aro.org>

Since both sw_start and sw_end are master indices, the size of array
that holds them is sw_end - sw_start + 1, which the current code gets
wrong, allocating one item less than required.

This patch corrects the allocation size, avoiding potential slab
corruption.

Signed-off-by: Chunyan Zhang <zhang.chunyan@...aro.org>
[alexander.shishkin@...ux.intel.com: re-wrote the commit message]
Signed-off-by: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
---
 drivers/hwtracing/stm/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index ddcb606ace..40a8b79ab7 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -618,7 +618,7 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data,
 	if (!stm_data->packet || !stm_data->sw_nchannels)
 		return -EINVAL;
 
-	nmasters = stm_data->sw_end - stm_data->sw_start;
+	nmasters = stm_data->sw_end - stm_data->sw_start + 1;
 	stm = kzalloc(sizeof(*stm) + nmasters * sizeof(void *), GFP_KERNEL);
 	if (!stm)
 		return -ENOMEM;
-- 
2.7.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ