From: bugzilla-daemon@kernel.org
To: linux-scsi@vger.kernel.org
Subject: [Bug 215943] UBSAN: array-index-out-of-bounds in drivers/scsi/megaraid/megaraid_sas_fp.c:103:32
Date: Wed, 18 May 2022 01:10:01 +0000 [thread overview]
Message-ID: <bug-215943-11613-pV7v1iPMPg@https.bugzilla.kernel.org/> (raw)
In-Reply-To: <bug-215943-11613@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=215943
darren.armstrong85@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |darren.armstrong85@gmail.co
| |m
--- Comment #1 from darren.armstrong85@gmail.com ---
Created attachment 300986
--> https://bugzilla.kernel.org/attachment.cgi?id=300986&action=edit
drivers: scsi: megaraid: fix ldSpanMap array declarations
It looks like ldSpanMap arrays are being declared with a length of 1 whilst the
accompanying ldTgtIdToLd lookup is set up using max limits.
This looks to be quite old code (2010) which makes me a bit suspicious that
I've missed something about how this works. But I couldn't find anything in
the current source or commit logs to explain why it was this way. So it looks
like an honest oversight from what I can tell.
I've attached a patch that matches lengths between ldSpanMap and ldTgtIdToLd in
the two cases I was able to identify. Is it possible to test with this patch
applied?
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
next prev parent reply other threads:[~2022-05-18 1:10 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-05 13:03 [Bug 215943] New: UBSAN: array-index-out-of-bounds in drivers/scsi/megaraid/megaraid_sas_fp.c:103:32 bugzilla-daemon
2022-05-18 1:10 ` bugzilla-daemon [this message]
2022-05-27 1:04 ` [Bug 215943] " bugzilla-daemon
2022-05-27 20:41 ` bugzilla-daemon
2022-06-08 5:36 ` bugzilla-daemon
2022-06-08 6:39 ` bugzilla-daemon
2022-06-22 22:27 ` bugzilla-daemon
2022-08-16 21:47 ` bugzilla-daemon
2022-08-24 20:26 ` bugzilla-daemon
2022-11-10 22:22 ` bugzilla-daemon
2022-11-12 2:20 ` bugzilla-daemon
2023-09-11 7:47 ` bugzilla-daemon
2023-09-11 8:19 ` bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-215943-11613-pV7v1iPMPg@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@kernel.org \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.