authorYaniv Gardi2016-10-18 02:09:24 +0200
committerMartin K. Petersen2016-11-08 23:29:58 +0100
commite3ce73d69aff44421d7899b235fec5ac2c306ff4 (patch)
tree7c59d906beef9776eea61845588c4b545453027e /drivers/scsi/ufs/ufs.h
parentscsi: cciss: replace custom function to hexdump (diff)
scsi: ufs: fix bugs related to null pointer access and array size
In this change there are a few fixes of possible NULL pointer access and possible access to index that exceeds array boundaries. Signed-off-by: Yaniv Gardi <ygardi@codeaurora.org> Signed-off-by: Subhash Jadavani <subhashj@codeaurora.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/ufs/ufs.h')
-rw-r--r--drivers/scsi/ufs/ufs.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/scsi/ufs/ufs.h b/drivers/scsi/ufs/ufs.h
index 845b874e2977..7a6ccb680049 100644
--- a/drivers/scsi/ufs/ufs.h
+++ b/drivers/scsi/ufs/ufs.h
@@ -46,6 +46,7 @@
#define QUERY_DESC_HDR_SIZE 2
#define QUERY_OSF_SIZE (GENERAL_UPIU_REQUEST_SIZE - \
(sizeof(struct utp_upiu_header)))
+#define RESPONSE_UPIU_SENSE_DATA_LENGTH 18
#define UPIU_HEADER_DWORD(byte3, byte2, byte1, byte0)\
cpu_to_be32((byte3 << 24) | (byte2 << 16) |\
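Review bot: The added `RESPONSE_UPIU_SENSE_DATA_LENGTH` define has no comment, and its name reads like a length reported at run time rather than a fixed array capacity. A one-line comment above it would prevent a reader from treating it as interchangeable with the `sense_data_len` field of the response, for example `/* Fixed size in bytes of utp_cmd_rsp.sense_data[]; not the reported sense_data_len */`.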
@@ -416,7 +417,7 @@ struct utp_cmd_rsp {
__be32 residual_transfer_count;
__be32 reserved[4];
__be16 sense_data_len;
- u8 sense_data[18];
+ u8 sense_data[RESPONSE_UPIU_SENSE_DATA_LENGTH];
};
/**
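Review bot: Sizing `sense_data[]` with the macro fixes the array's capacity, but the `sense_data_len` field directly above it is a separate `__be16` that is presumably taken from the device's response and can encode values far larger than 18. The code that copies sense data is not part of this file's diff, so it cannot be checked here. Any such copy should be bounded by the array rather than by the reported length, e.g. `len = min_t(u16, be16_to_cpu(rsp->sense_data_len), RESPONSE_UPIU_SENSE_DATA_LENGTH);`, and then bounded again by the size of the destination buffer. `struct utp_cmd_rsp` begins outside the hunk.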