From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Date: Tue, 7 Jun 2016 15:04:16 +0300
> In the current code "ent_per_page" could be more than "conn_num" making
> "conn_num" negative after the subtraction. In the next iteration
> through the loop then the negative is treated as a very high positive
> meaning we don't put a limit on "ent_num". It could lead to memory
> corruption.
>
> Fixes: dbb799c39717 ('qed: Initialize hardware for new protocols')
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
