> In the current code "ent_per_page" could be more than "conn_num" making
> "conn_num" negative after the subtraction. In the next iteration through the
> loop then the negative is treated as a very high positive meaning we don't put a
> limit on "ent_num". It could lead to memory corruption.
>
> Fixes: dbb799c39717 ('qed: Initialize hardware for new protocols')
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
I don't think we can actually hit an issue here, since the number of iterations
was also calculated based on conn_num, so this can only happen on the last
iteration.
Regardless, yours is the correct way to go. Thanks, Yuval.
Acked-by: Yuval Mintz <Yuval.Mintz@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
