[patch] nvme: lightnvm: buffer overflow in nvme_nvm_identity()
Matias Bjørling
m at bjorling.me
Tue Jan 26 01:56:57 PST 2016
On 01/26/2016 10:27 AM, Dan Carpenter wrote:
> nvme_nvm_id->ppaf is 4 bytes larger than nvm_id->ppaf. We're using the
> larger size struct for the sizeof() so we end up corrupting the
> first four bytes of nvm_id->groups[]. It doesn't look like we actually
> want to copy those last bytes anyway.
>
Thanks, Dan. You are right. The four bytes are overwritten afterwards
and hid the issue.
More information about the Linux-nvme
mailing list