51af33e8e4
In nes_create_qp(), the test if (nesqp->mmap_sq_db_index > NES_MAX_USER_WQ_REGIONS) { is used to error out if the db_index is too large; however, if the test doesn't trigger, then the index is used as nes_ucontext->mmap_nesqp[nesqp->mmap_sq_db_index] = nesqp; and mmap_nesqp is declared as struct nes_qp *mmap_nesqp[NES_MAX_USER_WQ_REGIONS]; which leads to an array overrun if the index is exactly equal to NES_MAX_USER_WQ_REGIONS. Fix this by bailing out if the index is greater than or equal to NES_MAX_USER_WQ_REGIONS. This was spotted by the Coverity checker (CID 2162). Acked-by: Glenn Streiff <gstreiff@neteffect.com> Signed-off-by: Roland Dreier <rolandd@cisco.com> |
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
nes_cm.c | ||
nes_cm.h | ||
nes_context.h | ||
nes_hw.c | ||
nes_hw.h | ||
nes_nic.c | ||
nes_user.h | ||
nes_utils.c | ||
nes_verbs.c | ||
nes_verbs.h | ||
nes.c | ||
nes.h |