Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp258734ybl; Tue, 20 Aug 2019 19:33:27 -0700 (PDT) X-Google-Smtp-Source: APXvYqyVDy6TFudFUsmE24mLJ0iyPttn9jN4ydQ2XRcgmSopkzTrGaWpumn0Dca45BXwOPXSLDJ5 X-Received: by 2002:a17:90a:33ed:: with SMTP id n100mr3084535pjb.19.1566354807729; Tue, 20 Aug 2019 19:33:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1566354807; cv=pass; d=google.com; s=arc-20160816; b=GXbn9DDsmSvbaXOSYfGAI5Q9QJnZ8e3VPhS12oeH+gDYWedC8DyRbiWSTcbakMQkSM bG83GxcxylP1u8Bn5Xar67c0ht/WhCEmfZRBTDj1ohzX7EQ9yhG2gCis5gIgMwZcuO2f d2n13VlanvP7LJ86V1aTYmWys/hDd9MViE79N5ImFpMPgmXyKhYN9NN6i65ECdSa7kg0 UjDEvm+zlHlCUAqE1JRM6Bsl97KOjm4Yme3lBWdl6/S3mtsuiO8erD7kvRirRZPXR3RG 3qQXNgwfDMAQNRf3E7Ul1ouW1RGbKTNCDnymmYIpAjnkktM880E/6fOgl8OLBSmHqBgl vuzA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:domainkey-signature; bh=X1s7c/q2LhXifg1IRo4YM5sxau9UteN88ivBRni95ns=; b=hYut5tR4GftqWlRORRfsztSwrodDCNohvLrfsMpWBZG6r25QtMuGfVYlMqOQbrJxcf Nr8N+9z8yy4n4ZDB8LCFKVqCNLIvvfhOG6jd/niLqeo4RrUgAynNc2Np62bcRCTYtCS8 ay27oVWwOUhko78WOhXIYk2uIeVfRUeqaBB3RmqY76bite5pK2MFYQFc2KzilEX75MJl ak4Io+BjKN9PXReO8D/am0zgMqUQG27GiuNRenoWDBSoWP/hUDFPN7TUAvIOK/dQLNhk SMmN7jN4VF8A5UtHsYODjGDC2ZlVYgcwZuv/MVxoIedODeCXQ7D+YtY8QMl5SGSA3NWr 4gCw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@zoho.com header.s=zm2019 header.b=Lq+ncVyE; arc=pass (i=1 spf=pass spfdomain=zoho.com dkim=pass dkdomain=zoho.com dmarc=pass fromdomain=zoho.com>); spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=zoho.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r4si14684157pfg.26.2019.08.20.19.33.12; Tue, 20 Aug 2019 19:33:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zoho.com header.s=zm2019 header.b=Lq+ncVyE; arc=pass (i=1 spf=pass spfdomain=zoho.com dkim=pass dkdomain=zoho.com dmarc=pass fromdomain=zoho.com>); spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=zoho.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726898AbfHUBjr (ORCPT + 99 others); Tue, 20 Aug 2019 21:39:47 -0400 Received: from sender4-pp-o95.zoho.com ([136.143.188.95]:25534 "EHLO sender4-pp-o95.zoho.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726463AbfHUBjr (ORCPT ); Tue, 20 Aug 2019 21:39:47 -0400 ARC-Seal: i=1; a=rsa-sha256; t=1566351579; cv=none; d=zoho.com; s=zohoarc; b=fp8j31Xa/U150l7Y6Fbp1R1Sgruh3tmrn7l8PPam2TDipyKsUCznK+wYJYB0oLjpxnKqrj1iBni6Yyb6QccD2kgnL9VySTEr8RDZ0fY+EJRTQSB6TtIGb3K7aZY5v0IVgxmLaSA8m9C3snw9nszXo7vK9Gr6D5+VZ9DmDjzMufY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1566351579; h=Cc:Date:From:Message-ID:Subject:To:ARC-Authentication-Results; bh=X1s7c/q2LhXifg1IRo4YM5sxau9UteN88ivBRni95ns=; b=akJ+PnPqyhzoo0FohsHlhOFPprxL8hWejLAIkEahbv7t/ZQBUJ5PrCSijBmgiBM6W9Dg5r1aE7I6+cr9fknT0DRXj3xeG8RWqe+sAKPrTXWMgsKLPWJ6lCsHLXeaZRWn3DUPPZiXGCDztsVLfUdnqFSfpCt8Oj7MqInou2fUsD4= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass header.i=zoho.com; spf=pass smtp.mailfrom=kontais@zoho.com; dmarc=pass header.from= header.from= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=zapps768; d=zoho.com; h=from:to:cc:subject:date:message-id; b=knMUgmONZ2y/YuDnv7B7dUtCXn8BCbophzl4idit5x/E7rEhfi4A9PzcP1aSMu3bfcbBSQqgJxba tJTQJl9+V2oW/czn9qtl1hoaSjPXsYEzn4SapA+3X+28AGv3LyVa DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1566351579; s=zm2019; d=zoho.com; i=kontais@zoho.com; h=From:To:Cc:Subject:Date:Message-Id; l=1322; bh=X1s7c/q2LhXifg1IRo4YM5sxau9UteN88ivBRni95ns=; b=Lq+ncVyE9B0GiDGyQwLxVAJe2SkVKTdmQ24y96S+aHwDOwAPnX9ExnIR7aEtAhe+ dW5Z7lXicQVW/7DdSaJUIQEe5HVyhwSBl1zBbuj6LMVoUB52IP7ouSkzRlPOP36ECmo AirHUhjOybKTub605M8Tzlqh1vhHcJCQUXGpdyqc= Received: from dev31.localdomain (103.244.59.4 [103.244.59.4]) by mx.zohomail.com with SMTPS id 1566351578120361.08327538001834; Tue, 20 Aug 2019 18:39:38 -0700 (PDT) From: Zhang Tao To: agk@redhat.com, snitzer@redhat.com Cc: dm-devel@redhat.com, linux-kernel@vger.kernel.org, Zhang Tao Subject: [PATCH] dm table: fix a potential array out of bounds Date: Wed, 21 Aug 2019 09:33:31 +0800 Message-Id: <1566351211-13280-1-git-send-email-kontais@zoho.com> X-Mailer: git-send-email 1.8.3.1 X-ZohoMailClient: External Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Zhang Tao allocate num + 1 for target and offset array, n_highs need num + 1 elements, the last element will be used for node lookup in function dm_table_find_target. Signed-off-by: Zhang Tao --- drivers/md/dm-table.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c index 7b6c3ee..fd7f604 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -160,20 +160,22 @@ static int alloc_targets(struct dm_table *t, unsigned int num) { sector_t *n_highs; struct dm_target *n_targets; + unsigned int alloc_num; /* * Allocate both the target array and offset array at once. * Append an empty entry to catch sectors beyond the end of * the device. */ - n_highs = (sector_t *) dm_vcalloc(num + 1, sizeof(struct dm_target) + + alloc_num = num + 1; + n_highs = (sector_t *) dm_vcalloc(alloc_num, sizeof(struct dm_target) + sizeof(sector_t)); if (!n_highs) return -ENOMEM; - n_targets = (struct dm_target *) (n_highs + num); + n_targets = (struct dm_target *) (n_highs + alloc_num); - memset(n_highs, -1, sizeof(*n_highs) * num); + memset(n_highs, -1, sizeof(*n_highs) * alloc_num); vfree(t->highs); t->num_allocated = num; -- 1.8.3.1