redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity

scsi: megaraid_sas: array overflow in megasas_dump_frame()

Browse source 
The "sz" variable is in terms of bytes, but we're treating the buffer as
an array of __le32 so we have to divide by 4.

Fixes: def0eab3af ("scsi: megaraid_sas: enhance debug logs in OCR context")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This commit is contained in:
Dan Carpenter 2017-02-14 19:38:55 +03:00 committed by Martin K. Petersen
parent 8e305cb2bd
commit 40a4c2c392
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
drivers/scsi/megaraid/megaraid_sas_base.c
View file

@ -2754,7 +2754,7 @@ megasas_dump_frame(void *mpi_request, int sz)
__le32 *mfp = (__le32 *)mpi_request;
printk(KERN_INFO "IO request frame:\n\t");
for (i = 0; i < sz; i++) {
for (i = 0; i < sz / sizeof(__le32); i++) {
if (i && ((i % 8) == 0))
printk("\n\t");
printk("%08x ", le32_to_cpu(mfp[i]));