| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <41ae307c-f6ff-49fb-a962-eb488152de71@stanley.mountain>
Date: Sat, 30 Nov 2024 13:07:56 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Neil Armstrong <neil.armstrong@...aro.org>
Cc: Viresh Kumar <vireshk@...nel.org>, Nishanth Menon <nm@...com>,
Stephen Boyd <sboyd@...nel.org>, linux-pm@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: [PATCH] opp: core: Fix off by one in dev_pm_opp_get_bw()
The "opp->bandwidth" array has "opp->opp_table->path_count" number of
elements. It's allocated in _opp_allocate(). So this > needs to be >=
to prevent an out of bounds access.
Fixes: d78653dcd8bf ("opp: core: implement dev_pm_opp_get_bw")
Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
---
drivers/opp/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/opp/core.c b/drivers/opp/core.c
index d4a0030a0228..09a1432561f6 100644
--- a/drivers/opp/core.c
+++ b/drivers/opp/core.c
@@ -121,7 +121,7 @@ unsigned long dev_pm_opp_get_bw(struct dev_pm_opp *opp, bool peak, int index)
return 0;
}
- if (index > opp->opp_table->path_count)
+ if (index >= opp->opp_table->path_count)
return 0;
if (!opp->bandwidth)
--
2.45.2
Powered by blists - more mailing lists