SETUP_PORT_ATTRIBUTE increments count, making the write out of bounds (array of size 1) Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx> --- Credits to Parfait (http://research.sun.com/projects/parfait/) I suspect this isn't the only location where count shouldn't be incremented, Somebody should review this function. diff --git a/drivers/scsi/scsi_transport_sas.c b/drivers/scsi/scsi_transport_sas.c index 0895d3c..c784ae4 100644 --- a/drivers/scsi/scsi_transport_sas.c +++ b/drivers/scsi/scsi_transport_sas.c @@ -1693,9 +1693,10 @@ sas_attach_transport(struct sas_function_template *ft) count = 0; SETUP_PORT_ATTRIBUTE(num_phys); - i->host_attrs[count] = NULL; count = 0; + i->host_attrs[count] = NULL; + SETUP_PHY_ATTRIBUTE(initiator_port_protocols); SETUP_PHY_ATTRIBUTE(target_port_protocols); SETUP_PHY_ATTRIBUTE(device_type);
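Review bot: Moving `i->host_attrs[count] = NULL;` below `count = 0;` stops the out-of-bounds store, but it may be fixing the wrong array. The terminator directly follows `SETUP_PORT_ATTRIBUTE(num_phys);`, so the original line reads like the NULL terminator for the port attribute list written against the wrong member. The macro body is not in this hunk, so please confirm which array it fills. If it is a port attribute array, this patch leaves that array without a terminator at index `count`, and the safer fix is to change the array named on the removed line rather than move the store. If `host_attrs` really is meant to be empty, write the index as `0` instead of relying on the reset of `count`, and drop the extra blank line the hunk adds. The changelog should also name the array and its declared size so the bound can be checked, since "array of size 1" cannot be verified from the diff alone.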