scsi: qedi: off by one in qedi_get_cmd_from_tid()

The > here should be >= or we end up reading one element beyond the end of the qedi->itt_map[] array. The qedi->itt_map[] array is allocated in qedi_alloc_itt(). Fixes: ace7f46b ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.") Cc: <stable@vger.kernel.org> # v4.10+ Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Acked-by: N Manish Rangankar <Manish.Rangankar@cavium.com> Signed-off-by: N Martin K. Petersen <martin.petersen@oracle.com>

scsi: qedi: off by one in qedi_get_cmd_from_tid()
The > here should be >= or we end up reading one element beyond the end of the qedi->itt_map[] array. The qedi->itt_map[] array is allocated in qedi_alloc_itt(). Fixes: ace7f46b ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.") Cc: <stable@vger.kernel.org> # v4.10+ Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Acked-by: N Manish Rangankar <Manish.Rangankar@cavium.com> Signed-off-by: N Martin K. Petersen <martin.petersen@oracle.com>
fa2d9d6e · Dan Carpenter · Martin K. Petersen · 47c4ccd3 · fa2d9d6e
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

drivers/scsi/qedi/qedi_main.c drivers/scsi/qedi/qedi_main.c +1 -1

未找到文件。
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -1575,7 +1575,7 @@ struct qedi_cmd *qedi_get_cmd_from_tid(struct qedi_ctx *qedi, u32 tid)
 {
 	struct qedi_cmd *cmd = NULL;

-	if (tid > MAX_ISCSI_TASK_ENTRIES)
+	if (tid >= MAX_ISCSI_TASK_ENTRIES)
 		return NULL;

 	cmd = qedi->itt_map[tid].p_cmd;