Date:	Fri,  5 Feb 2016 18:35:15 +0200
From:	Alexander Shishkin <alexander.shishkin@...ux.intel.com>
To:	Greg KH <greg@...ah.com>
Cc:	Mathieu Poirier <mathieu.poirier@...aro.org>,
	Chunyan Zhang <zhang.chunyan@...aro.org>,
	laurent.fert@...el.com, yann.fouassier@...el.com,
	linux-kernel@...r.kernel.org,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>
Subject: [QUEUED v0 06/19] stm class: Fix an off-by-one in master array allocation

From: Chunyan Zhang <zhang.chunyan@...aro.org>

Since both sw_start and sw_end are master indices, the size of the array
that holds them is sw_end - sw_start + 1, which the current code gets
wrong, allocating one item less than required.

This patch corrects the allocation size, avoiding potential slab
corruption.

Signed-off-by: Chunyan Zhang <zhang.chunyan@...aro.org>
[alexander.shishkin@...ux.intel.com: re-wrote the commit message]
Signed-off-by: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
---
 drivers/hwtracing/stm/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index ddcb606ace..40a8b79ab7 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -618,7 +618,7 @@ int stm_register_device(struct device *parent, struct stm_data *stm_data,
 	if (!stm_data->packet || !stm_data->sw_nchannels)
 		return -EINVAL;
 
-	nmasters = stm_data->sw_end - stm_data->sw_start;
+	nmasters = stm_data->sw_end - stm_data->sw_start + 1;
 	stm = kzalloc(sizeof(*stm) + nmasters * sizeof(void *), GFP_KERNEL);
 	if (!stm)
 		return -ENOMEM;
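
Review bot: The corrected `nmasters = stm_data->sw_end - stm_data->sw_start + 1;` is still computed with no check that sw_end is not below sw_start; the only validation visible above it covers `packet` and `sw_nchannels`. If a driver registers with sw_end < sw_start, the count comes out zero or negative and the `kzalloc()` size on the next line is derived from it. Consider rejecting that case with -EINVAL alongside the existing checks, and guarding the `nmasters * sizeof(void *)` multiplication against overflow. A short comment stating that both bounds are inclusive would also help keep the +1 from being dropped again.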
-- 
2.7.0
