From: Colin Ian King <colin.k...@canonical.com> The comparison of an out of range index into space->context_tbl is off-by-one and should be using >= rather than > in the comparison.
Detected by CoverityScan, CID#1419694 ("Out-of-bounds read") Fixes: 849246e7ce9ce ("tpm2: add session handle context saving and restoring to the space code") Signed-off-by: Colin Ian King <colin.k...@canonical.com> --- drivers/char/tpm/tpm2-space.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c index d36d81e07076..009934269514 100644 --- a/drivers/char/tpm/tpm2-space.c +++ b/drivers/char/tpm/tpm2-space.c @@ -229,7 +229,7 @@ static bool tpm2_map_to_phandle(struct tpm_space *space, void *handle) int i; i = 0xFFFFFF - (vhandle & 0xFFFFFF); - if (i > ARRAY_SIZE(space->context_tbl) || !space->context_tbl[i]) + if (i >= ARRAY_SIZE(space->context_tbl) || !space->context_tbl[i]) return false; phandle = space->context_tbl[i]; -- 2.11.0 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ tpmdd-devel mailing list tpmdd-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tpmdd-devel