scsi: megasas: check 'read_queue_head' index value - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Prasad J Pandit	2016-05-25 14:25:10 +0200
committer	Paolo Bonzini	2016-05-29 09:11:11 +0200
commit	b60bdd1f1ee1616b7a9aeeffb4088e1ce2710fb2 (patch)
tree	0e470ca2c4bfa4d518b7a9249a5406feb4a665e9 /include/exec/user
parent	scsi: megasas: initialise local configuration data buffer (diff)
download	qemu-b60bdd1f1ee1616b7a9aeeffb4088e1ce2710fb2.tar.gz qemu-b60bdd1f1ee1616b7a9aeeffb4088e1ce2710fb2.tar.xz qemu-b60bdd1f1ee1616b7a9aeeffb4088e1ce2710fb2.zip

scsi: megasas: check 'read_queue_head' index value

While doing MegaRAID SAS controller command frame lookup, routine 'megasas_lookup_frame' uses 'read_queue_head' value as an index into 'frames[MEGASAS_MAX_FRAMES=2048]' array. Limit its value within array bounds to avoid any OOB access. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-Id: <1464179110-18593-1-git-send-email-ppandit@redhat.com> Reviewed-by: Alexander Graf <agraf@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'include/exec/user')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: