[ofa-general] [PATCH] IB: Possible write outside array bounds
Hal Rosenstock
hal.rosenstock at gmail.com
Wed Jul 29 12:45:11 PDT 2009
On Wed, Jul 29, 2009 at 3:40 PM, Roland Dreier <rdreier at cisco.com> wrote:
>
> > There's also one thing on the send side I'm not sure about. It looks to
> me
> > like c14-9:3 might break if hop_cnt is max'd out as hop_ptr is
> incremented
> > but the array is not touched.
>
> Isn't that increment at the end of the DR part done to handle the
> pre-decrement that will be done as part of c14-13?
It was the other direction: c14-9 case 3 increments hop ptr and returns so
it looks like this could be hop_ptr 65 if it were 64 coming in to this case
and I don't see that prevented. Hope that's clearer...
-- Hal
> I think it's OK.
>
> - R.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openfabrics.org/pipermail/general/attachments/20090729/98b9baf6/attachment.html>
More information about the general
mailing list