2015-04-20 15:51:35

by Dan Carpenter

Subject: [patch] Bluetooth: btusb: off by one in rtl8723b_parse_firmware()

The ">" should be ">=" so that we don't read past the end of the array.

Fixes: 9d9a113e3695 ('Bluetooth: btusb: Add Realtek 8723A/8723B/8761A/8821A support')
Signed-off-by: Dan Carpenter <[email protected]>

diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index 920f6fb..d21f3b4 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -1502,7 +1502,7 @@ static int rtl8723b_parse_firmware(struct hci_dev *hdev, u16 lmp_subver,
return -EINVAL;
}

- if (project_id > ARRAY_SIZE(project_id_to_lmp_subver)) {
+ if (project_id >= ARRAY_SIZE(project_id_to_lmp_subver)) {
BT_ERR("%s: unknown project id %d", hdev->name, project_id);
return -EINVAL;
}

2015-04-20 17:14:23

by Marcel Holtmann

Subject: Re: [patch] Bluetooth: btusb: off by one in rtl8723b_parse_firmware()

Hi Dan,

> The ">" should be ">=" so that we don't read past the end of the array.
>
> Fixes: 9d9a113e3695 ('Bluetooth: btusb: Add Realtek 8723A/8723B/8761A/8821A support')
> Signed-off-by: Dan Carpenter <[email protected]>

patch has been applied to bluetooth-next tree.

Regards

Marcel

2015-04-20 16:18:17

by Daniel Drake

Subject: Re: [patch] Bluetooth: btusb: off by one in rtl8723b_parse_firmware()

On Mon, Apr 20, 2015 at 9:51 AM, Dan Carpenter <[email protected]> wrote:
> The ">" should be ">=" so that we don't read past the end of the array.
>
> Fixes: 9d9a113e3695 ('Bluetooth: btusb: Add Realtek 8723A/8723B/8761A/8821A support')
> Signed-off-by: Dan Carpenter <[email protected]>

Oops! Your fix looks correct.

Thanks
Daniel