On Mon, 2015-11-09 at 15:24 +0300, Dan Carpenter wrote:
> Smatch complains about a possible out of bounds error:
>
> drivers/vfio/pci/vfio_pci_config.c:1241 vfio_cap_init()
> error: buffer overflow 'pci_cap_length' 20 <= 20
>
> The problem is that pci_cap_length[] was defined as large enough to
> hold "PCI_CAP_ID_AF + 1" elements. The code in vfio_cap_init() assumes
> it has PCI_CAP_ID_MAX + 1 elements. Originally, PCI_CAP_ID_AF and
> PCI_CAP_ID_MAX were the same but then we introduced PCI_CAP_ID_EA in
> f80b0ba95964 ('PCI: Add Enhanced Allocation register entries') so now
> the array is too small.
>
> Let's fix this by making the array size PCI_CAP_ID_MAX + 1. And let's
> make a similar change to pci_ext_cap_length[] for consistency. Also
> both these arrays can be made const.
>
> Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
> ---
Applied to next for v4.4. Thanks!
Alex
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
