search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: d37af74) | patch
scsi: megasas: check 'read_queue_head' index value
commitb60bdd1f1ee1616b7a9aeeffb4088e1ce2710fb2
authorPrasad J Pandit <pjp@fedoraproject.org>
Wed, 25 May 2016 12:25:10 +0000 (25 17:55 +0530)
committerPaolo Bonzini <pbonzini@redhat.com>
Sun, 29 May 2016 07:11:11 +0000 (29 09:11 +0200)
tree0e470ca2c4bfa4d518b7a9249a5406feb4a665e9tree | snapshot (tar.gz zip)
parentd37af740730dbbb93960cd318e040372d04d6dcfcommit | diff
scsi: megasas: check 'read_queue_head' index value

While doing MegaRAID SAS controller command frame lookup, routine
'megasas_lookup_frame' uses 'read_queue_head' value as an index
into 'frames[MEGASAS_MAX_FRAMES=2048]' array. Limit its value
within array bounds to avoid any OOB access.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <1464179110-18593-1-git-send-email-ppandit@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
hw/scsi/megasas.c diff | blob | blame | history
AR7 emulation for QEMU