|
| From: | Michael Tokarev |
| Subject: | Re: [PATCH v3] hw/cxl: Fix out of bound array access |
| Date: | Thu, 14 Sep 2023 15:36:05 +0300 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 |
14.09.2023 10:06, Dmitry Frolov wrote:
According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up to 16. This also corresponds to CXL specs. So, the fw->target_hbs[] array is iterated from 0 to 15. But it is statically declared of length 8. Thus, out of bound array access may occur. Found by Linux Verification Center (linuxtesting.org) with SVACE. v2: assert added v3: assert removed
So it's the same as the initial submission. /mjt
| [Prev in Thread] | Current Thread | [Next in Thread] |