diff options
author | Dan Carpenter <dan.carpenter@oracle.com> | 2018-04-03 10:52:22 +0200 |
---|---|---|
committer | Martin K. Petersen <martin.petersen@oracle.com> | 2018-04-10 03:32:45 +0200 |
commit | ccc495efb326d17be3e7790b5aa49b25e239ead7 (patch) | |
tree | 0175dd4432acf6e8aa060516df77280eb4207a60 /drivers/scsi | |
parent | scsi: dpt_i2o: Use after free in I2ORESETCMD ioctl (diff) | |
download | linux-ccc495efb326d17be3e7790b5aa49b25e239ead7.tar.xz linux-ccc495efb326d17be3e7790b5aa49b25e239ead7.zip |
scsi: cxgb4i: silence overflow warning in t4_uld_rx_handler()
Smatch marks skb->data as untrusted so it complains that there is a
potential overflow here:
drivers/scsi/cxgbi/cxgb4i/cxgb4i.c:2111 t4_uld_rx_handler()
error: buffer overflow 'cxgb4i_cplhandlers' 239 <= 255.
In this case, skb->data comes from the hardware or firmware so it's not
going to overflow unless there is a firmware bug.
[mkp: fixed braces]
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi')
-rw-r--r-- | drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c b/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c index 406e94312d4e..211da1d5a869 100644 --- a/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c +++ b/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c @@ -2108,12 +2108,12 @@ static int t4_uld_rx_handler(void *handle, const __be64 *rsp, log_debug(1 << CXGBI_DBG_TOE, "cdev %p, opcode 0x%x(0x%x,0x%x), skb %p.\n", cdev, opc, rpl->ot.opcode_tid, ntohl(rpl->ot.opcode_tid), skb); - if (cxgb4i_cplhandlers[opc]) - cxgb4i_cplhandlers[opc](cdev, skb); - else { + if (opc >= ARRAY_SIZE(cxgb4i_cplhandlers) || !cxgb4i_cplhandlers[opc]) { pr_err("No handler for opcode 0x%x.\n", opc); __kfree_skb(skb); - } + } else + cxgb4i_cplhandlers[opc](cdev, skb); + return 0; nomem: log_debug(1 << CXGBI_DBG_TOE, "OOM bailing out.\n"); |