From mboxrd@z Thu Jan 1 00:00:00 1970
From: Julien Grall
Subject: Re: [PATCH] xen: arm: Avoid reading beyond the last module
Date: Mon, 20 Jul 2015 13:32:35 +0100
Message-ID: <55ACEA63.5040107@citrix.com>
References: <4EE5B48738DDED408878C97C8E050A8B1D7D4CE3@SJEXCHMB05.corp.ad.broadcom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <4EE5B48738DDED408878C97C8E050A8B1D7D4CE3@SJEXCHMB05.corp.ad.broadcom.com>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: "Chris (Christopher) Brand", "xen-devel@lists.xen.org"
Cc: Ian Campbell, Stefano Stabellini
List-Id: xen-devel@lists.xenproject.org

Hi Chris,

On 17/07/15 21:48, Chris (Christopher) Brand wrote:
> nr_mods is set in add_boot_module() to the number of module
> array elements used. This function also ensures that nr_mods
> never exceeds MAX_MODULES (the size of the array). When looping
> through the array, the correct maximum index is "nr_mods-1",
> not "nr_mods". If the array is full, using the latter will in
> fact access beyond the end of the array.
> This was done correctly in boot_module_find_by_kind() and
> consider_modules() but incorrectly in discard_initial_modules()
> and next_module().
>
> Signed-off-by: Chris Brand

Reviewed-by: Julien Grall

Regards,

-- 
Julien Grall
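
The bound described in the quoted commit message, as an added C sketch that is not part of the original mail and is not Xen's code: it shows why a loop bounded by "i <= nr_mods" only reads an unused slot while the array has room, and goes past the end only once the array is full. The struct layout, the MAX_MODULES value, classify_loop() and demo() are assumptions made for illustration.

```c
#include <stdio.h>

#define MAX_MODULES 5 /* assumed size for this sketch */

struct bootmodule { unsigned long start, size; };
struct bootmodules { int nr_mods; struct bootmodule module[MAX_MODULES]; };

enum scan { SCAN_OK, SCAN_UNUSED_SLOT, SCAN_OUT_OF_BOUNDS };

/* Modelled on the commit message: nr_mods counts the used elements and
 * is never allowed to exceed MAX_MODULES. */
static int add_boot_module(struct bootmodules *mi, unsigned long start,
                           unsigned long size)
{
    if (mi->nr_mods >= MAX_MODULES)
        return -1;
    mi->module[mi->nr_mods].start = start;
    mi->module[mi->nr_mods].size = size;
    mi->nr_mods++;
    return 0;
}

/* Classify the highest index a loop would touch, without touching it.
 * inclusive != 0 models "i <= nr_mods"; 0 models "i < nr_mods". */
static enum scan classify_loop(const struct bootmodules *mi, int inclusive)
{
    int last = inclusive ? mi->nr_mods : mi->nr_mods - 1;
    if (last >= MAX_MODULES)
        return SCAN_OUT_OF_BOUNDS; /* past module[MAX_MODULES - 1] */
    if (last >= mi->nr_mods)
        return SCAN_UNUSED_SLOT;   /* in bounds, but never filled in */
    return SCAN_OK;
}

/* Build a table from `requested` add attempts and classify the loop. */
enum scan demo(int requested, int inclusive)
{
    struct bootmodules mi = { 0 };
    for (int i = 0; i < requested; i++)
        add_boot_module(&mi, 0x1000ul * (i + 1), 0x100); /* constructed values */
    return classify_loop(&mi, inclusive);
}

int main(void)
{
    static const char *const name[] = { "ok", "unused slot", "out of bounds" };
    printf("3 modules, i <= nr_mods: %s\n", name[demo(3, 1)]);
    printf("%d modules, i <= nr_mods: %s\n", MAX_MODULES, name[demo(MAX_MODULES, 1)]);
    printf("%d modules, i <  nr_mods: %s\n", MAX_MODULES, name[demo(MAX_MODULES, 0)]);
    return 0;
}
```

A test that boots with fewer than MAX_MODULES modules exercises only the "unused slot" case, so the out-of-bounds read stays hidden until the table is full.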