Line at 967 implies that rsp->fwdata.supported_fec may be up to 4: if (rsp->fwdata.supported_fec <= FEC_MAX_INDEX)
which would cause an out-of-bounds read at line 971: fecparam->fec = fec[rsp->fwdata.supported_fec]; However, the range of values for rsp->fwdata.supported_fec is 0 to 3. Fix the if condition at line 967, accordingly. Link: https://lore.kernel.org/lkml/mwhpr18mb142173b5f0541abd3d59860cde...@mwhpr18mb1421.namprd18.prod.outlook.com/ Fixes: d0cf9503e908 ("octeontx2-pf: ethtool fec mode support") Addresses-Coverity-ID: 1501722 ("Out-of-bounds read") Suggested-by: Hariprasad Kelam <hke...@marvell.com> Signed-off-by: Gustavo A. R. Silva <gustavo...@kernel.org> --- Changes in v2: - Fix if condition. drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c index 237e5d3321d4..f4962a97a075 100644 --- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c +++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c @@ -964,7 +964,7 @@ static int otx2_get_fecparam(struct net_device *netdev, if (IS_ERR(rsp)) return PTR_ERR(rsp); - if (rsp->fwdata.supported_fec <= FEC_MAX_INDEX) { + if (rsp->fwdata.supported_fec < FEC_MAX_INDEX) { if (!rsp->fwdata.supported_fec) fecparam->fec = ETHTOOL_FEC_NONE; else -- 2.27.0