[PATCH 2/2] crash_core: fix out-of-bounds access check in crash_exclude_mem_range()

Yuntao Wang Mon, 18 Dec 2023 00:22:08 -0800

mem->nr_ranges represents the current number of elements stored in
the mem->ranges array, and mem->max_nr_ranges represents the maximum number
of elements that the mem->ranges array can hold. Therefore, the correct
array out-of-bounds check should be mem->nr_ranges >= mem->max_nr_ranges.


Signed-off-by: Yuntao Wang <ytco...@gmail.com>
---
 kernel/crash_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/crash_core.c b/kernel/crash_core.c
index d4313b53837e..991494d4cf43 100644
--- a/kernel/crash_core.c
+++ b/kernel/crash_core.c
@@ -627,7 +627,7 @@ int crash_exclude_mem_range(struct crash_mem *mem,
                return 0;
 
        /* Split happened */
-       if (i == mem->max_nr_ranges - 1)
+       if (mem->nr_ranges >= mem->max_nr_ranges)
                return -ENOMEM;
 
        /* Location where new range should go */
-- 
2.43.0


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 2/2] crash_core: fix out-of-bounds access check in crash_exclude_mem_range()

Reply via email to