sfc: fix an off-by-one compare on an array size

encap_type should be checked to see if it is greater or equal to the size of array map to fix an off-by-one array size check. This fixes an array overrun read as detected by static analysis by CoverityScan, CID#1398883 ("Out-of-bounds-read") Fixes: 9b410801 ("sfc: insert catch-all filters for encapsulated traffic") Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Edward Cree <ecree@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>

sfc: fix an off-by-one compare on an array size
encap_type should be checked to see if it is greater or equal to the size of array map to fix an off-by-one array size check. This fixes an array overrun read as detected by static analysis by CoverityScan, CID#1398883 ("Out-of-bounds-read") Fixes: 9b410801 ("sfc: insert catch-all filters for encapsulated traffic") Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Edward Cree <ecree@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
e9904990 · Colin Ian King · David S. Miller · 1bae6c99 · e9904990
Commit e9904990 authored Jan 31, 2017 by Colin Ian King Committed by David S. Miller Jan 31, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/net/ethernet/sfc/ef10.c drivers/net/ethernet/sfc/ef10.c +1 -1

No files found.
--- a/drivers/net/ethernet/sfc/ef10.c
+++ b/drivers/net/ethernet/sfc/ef10.c
@@ -5080,7 +5080,7 @@ static int efx_ef10_filter_insert_def(struct efx_nic *efx,

 		/* quick bounds check (BCAST result impossible) */
 		BUILD_BUG_ON(EFX_EF10_BCAST != 0);
-		if (encap_type > ARRAY_SIZE(map) || map[encap_type] == 0) {
+		if (encap_type >= ARRAY_SIZE(map) || map[encap_type] == 0) {
 			WARN_ON(1);
 			return -EINVAL;
 		}