d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sfxge(4): fix out of bounds read in VIs allocation

Browse Source 
Submitted by:   Andy Moreton <amoreton at solarflare.com>
Sponsored by:   Solarflare Communications, Inc.
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D18068
This commit is contained in:
Andrew Rybchenko 2018-11-23 07:50:34 +00:00
parent 8302d100a0
commit 454502b9f1
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/dev/sfxge/common/ef10_nic.c
View File

@ -504,7 +504,7 @@ efx_mcdi_alloc_vis(
{
efx_mcdi_req_t req;
uint8_t payload[MAX(MC_CMD_ALLOC_VIS_IN_LEN,
MC_CMD_ALLOC_VIS_OUT_LEN)];
MC_CMD_ALLOC_VIS_EXT_OUT_LEN)];
efx_rc_t rc;
if (vi_countp == NULL) {
@ -517,7 +517,7 @@ efx_mcdi_alloc_vis(
req.emr_in_buf = payload;
req.emr_in_length = MC_CMD_ALLOC_VIS_IN_LEN;
req.emr_out_buf = payload;
req.emr_out_length = MC_CMD_ALLOC_VIS_OUT_LEN;
req.emr_out_length = MC_CMD_ALLOC_VIS_EXT_OUT_LEN;
MCDI_IN_SET_DWORD(req, ALLOC_VIS_IN_MIN_VI_COUNT, min_vi_count);
MCDI_IN_SET_DWORD(req, ALLOC_VIS_IN_MAX_VI_COUNT, max_vi_count);