summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorRoland Dreier <rolandd@cisco.com>2008-02-18 10:33:59 -0800
committerRoland Dreier <rolandd@cisco.com>2008-02-18 10:33:59 -0800
commit51af33e8e45b845d8ee85446f58e31bc4c118048 (patch)
tree5d82fbb684c0adc0a01f2277f93fab7da2ac3810 /include
parentedd2fd643c500c812cae5b0d314ab9db9f959898 (diff)
RDMA/nes: Fix possible array overrun
In nes_create_qp(), the test if (nesqp->mmap_sq_db_index > NES_MAX_USER_WQ_REGIONS) { is used to error out if the db_index is too large; however, if the test doesn't trigger, then the index is used as nes_ucontext->mmap_nesqp[nesqp->mmap_sq_db_index] = nesqp; and mmap_nesqp is declared as struct nes_qp *mmap_nesqp[NES_MAX_USER_WQ_REGIONS]; which leads to an array overrun if the index is exactly equal to NES_MAX_USER_WQ_REGIONS. Fix this by bailing out if the index is greater than or equal to NES_MAX_USER_WQ_REGIONS. This was spotted by the Coverity checker (CID 2162). Acked-by: Glenn Streiff <gstreiff@neteffect.com> Signed-off-by: Roland Dreier <rolandd@cisco.com>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions