[PATCH 2/2] crash_core: fix out-of-bounds access check in crash_exclude_mem_range()

From: Yuntao Wang
Date: Mon Dec 18 2023 - 03:20:37 EST


mem->nr_ranges represents the current number of elements stored in
the mem->ranges array, and mem->max_nr_ranges represents the maximum number
of elements that the mem->ranges array can hold. Therefore, the correct
array out-of-bounds check should be mem->nr_ranges >= mem->max_nr_ranges.

Signed-off-by: Yuntao Wang <ytcoode@xxxxxxxxx>
---
kernel/crash_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/crash_core.c b/kernel/crash_core.c
index d4313b53837e..991494d4cf43 100644
--- a/kernel/crash_core.c
+++ b/kernel/crash_core.c
@@ -627,7 +627,7 @@ int crash_exclude_mem_range(struct crash_mem *mem,
return 0;

/* Split happened */
- if (i == mem->max_nr_ranges - 1)
+ if (mem->nr_ranges >= mem->max_nr_ranges)
return -ENOMEM;

/* Location where new range should go */
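Review bot: The changelog justifies the new condition but does not say what the removed test `if (i == mem->max_nr_ranges - 1)` got wrong. That test compares the index `i` with the last slot, not the element count with the capacity. It therefore does not fire when `mem->nr_ranges` has already reached `mem->max_nr_ranges` and `i` is a lower index, which is the case where placing the new range after a split would go past the end of `mem->ranges`. Please describe that case in the commit message, and add a Fixes: tag if the old check is reachable that way, so the need for a backport can be judged.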
--
2.43.0