>-----Original Message----- >From: Dan Carpenter [mailto:dan.carpenter@xxxxxxxxxx] >Sent: Tuesday, February 14, 2017 10:09 PM >To: Kashyap Desai; Shivasharan S >Cc: Sumit Saxena; James E.J. Bottomley; Martin K. Petersen; >megaraidlinux.pdl@xxxxxxxxxxxx; linux-scsi@xxxxxxxxxxxxxxx; kernel- >janitors@xxxxxxxxxxxxxxx >Subject: [patch] scsi: megaraid_sas: array overflow in megasas_dump_frame() > >The "sz" variable is in terms of bytes, but we're treating the buffer as an array of >__le32 so we have to divide by 4. > >Fixes: def0eab3af86 ("scsi: megaraid_sas: enhance debug logs in OCR context") >Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > >diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c >b/drivers/scsi/megaraid/megaraid_sas_base.c >index dc9f42e135bb..7ac9a9ee9bd4 100644 >--- a/drivers/scsi/megaraid/megaraid_sas_base.c >+++ b/drivers/scsi/megaraid/megaraid_sas_base.c >@@ -2754,7 +2754,7 @@ megasas_dump_frame(void *mpi_request, int sz) > __le32 *mfp = (__le32 *)mpi_request; > > printk(KERN_INFO "IO request frame:\n\t"); >- for (i = 0; i < sz; i++) { >+ for (i = 0; i < sz / sizeof(__le32); i++) { > if (i && ((i % 8) == 0)) > printk("\n\t"); > printk("%08x ", le32_to_cpu(mfp[i])); Thanks for fixing this. Acked-by: Sumit Saxena<sumit.saxena@xxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html