[PATCH 2/2] crash_core: fix out-of-bounds access check in crash_exclude_mem_range()
Yuntao Wang
ytcoode at gmail.com
Mon Dec 18 00:19:15 PST 2023
mem->nr_ranges represents the current number of elements stored in
the mem->ranges array, and mem->max_nr_ranges represents the maximum number
of elements that the mem->ranges array can hold. Therefore, the correct
array out-of-bounds check should be mem->nr_ranges >= mem->max_nr_ranges.
Signed-off-by: Yuntao Wang <ytcoode at gmail.com>
---
kernel/crash_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/crash_core.c b/kernel/crash_core.c
index d4313b53837e..991494d4cf43 100644
--- a/kernel/crash_core.c
+++ b/kernel/crash_core.c
@@ -627,7 +627,7 @@ int crash_exclude_mem_range(struct crash_mem *mem,
return 0;
/* Split happened */
- if (i == mem->max_nr_ranges - 1)
+ if (mem->nr_ranges >= mem->max_nr_ranges)
return -ENOMEM;
/* Location where new range should go */
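Review bot: At the `/* Split happened */` check, the commit message should state which case the old `i == mem->max_nr_ranges - 1` test gets wrong, so that stable maintainers can judge the impact. The old test compares the loop index against capacity, so a split at a lower index while `mem->nr_ranges` already equals `mem->max_nr_ranges` would not be rejected. Spelling that case out and adding a Fixes: tag for the commit that introduced the check would make the out-of-bounds claim verifiable. A one-line comment above the new condition noting that a split consumes one additional slot in `mem->ranges` would also help. Separately, since this path returns -ENOMEM after a split has been detected, please confirm that no entry in `mem->ranges` has been modified by that point, so callers are not left with a half-updated array.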
--
2.43.0