Commit 4a02462a authored by Roel Kluin's avatar Roel Kluin Committed by James Bottomley

[SCSI] u14-34f: fix buffer overflow

This allows i == MAX_INT_PARAM, which is out of range for ints[]
Signed-off-by: default avatarRoel Kluin <roel.kluin@gmail.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarJames Bottomley <James.Bottomley@suse.de>
parent 8fe79162
......@@ -1070,7 +1070,7 @@ static int option_setup(char *str) {
char *cur = str;
int i = 1;
while (cur && isdigit(*cur) && i <= MAX_INT_PARAM) {
while (cur && isdigit(*cur) && i < MAX_INT_PARAM) {
ints[i++] = simple_strtoul(cur, NULL, 0);
if ((cur = strchr(cur, ',')) != NULL) cur++;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment