| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Dec 2023 16:19:15 +0800 From: Yuntao Wang <ytcoode@...il.com> To: linux-kernel@...r.kernel.org, kexec@...ts.infradead.org, x86@...nel.org Cc: Andrew Morton <akpm@...ux-foundation.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, "H. Peter Anvin" <hpa@...or.com>, Baoquan He <bhe@...hat.com>, Vivek Goyal <vgoyal@...hat.com>, Dave Young <dyoung@...hat.com>, Hari Bathini <hbathini@...ux.ibm.com>, Sean Christopherson <seanjc@...gle.com>, Takashi Iwai <tiwai@...e.de>, Yuntao Wang <ytcoode@...il.com> Subject: [PATCH 2/2] crash_core: fix out-of-bounds access check in crash_exclude_mem_range() mem->nr_ranges represents the current number of elements stored in the mem->ranges array, and mem->max_nr_ranges represents the maximum number of elements that the mem->ranges array can hold. Therefore, the correct array out-of-bounds check should be mem->nr_ranges >= mem->max_nr_ranges. Signed-off-by: Yuntao Wang <ytcoode@...il.com> --- kernel/crash_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/crash_core.c b/kernel/crash_core.c index d4313b53837e..991494d4cf43 100644 --- a/kernel/crash_core.c +++ b/kernel/crash_core.c @@ -627,7 +627,7 @@ int crash_exclude_mem_range(struct crash_mem *mem, return 0; /* Split happened */ - if (i == mem->max_nr_ranges - 1) + if (mem->nr_ranges >= mem->max_nr_ranges) return -ENOMEM; /* Location where new range should go */ -- 2.43.0
Powered by blists - more mailing lists