[patch] mtd: off by one in INFTL_dumpVUchains()
Dan Carpenter
dan.carpenter at oracle.com
Tue Oct 21 01:08:35 PDT 2014
The ->PUtable[] array has "->nb_blocks" number of elemetns so this
comparison should be ">=" instead of ">". Otherwise it could result in
a minor read beyond the end of an array.
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
---
Static analysis stuff. Not tested.
diff --git a/drivers/mtd/inftlmount.c b/drivers/mtd/inftlmount.c
index 487e64f..1388c8d 100644
--- a/drivers/mtd/inftlmount.c
+++ b/drivers/mtd/inftlmount.c
@@ -518,7 +518,7 @@ void INFTL_dumpVUchains(struct INFTLrecord *s)
pr_debug("INFTL Virtual Unit Chains:\n");
for (logical = 0; logical < s->nb_blocks; logical++) {
block = s->VUtable[logical];
- if (block > s->nb_blocks)
+ if (block >= s->nb_blocks)
continue;
pr_debug(" LOGICAL %d --> %d ", logical, block);
for (i = 0; i < s->nb_blocks; i++) {
More information about the linux-mtd
mailing list