pool/drbd
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4e5f7cbf78
drbd/bsc-1206791-08-lib-lru_cache-Fixed-array-overflow-caused-by-incorre.patch
heming zhao 4e5f7cbf78 Accepting request 1056192 from home:hmzhao:branches:network:ha-clustering:Factory 
- drbd: fix build error against kernel v6.1.1 (bsc#1206791)
  * update bsc-1201335_06-bdi.patch commit log (no code change)
    + bsc-1201335_06-bdi.patch
  * update bsc-1202600_02-dax-introduce-DAX_RECOVERY_WRITE-dax-access-mode.patch (no code change)
    + bsc-1202600_02-dax-introduce-DAX_RECOVERY_WRITE-dax-access-mode.patch
  * using upstream patch to replace exist patch
    - bsc-1204596_02-drbd-stop-using-bdevname-in-drbd_report_io_error.patch
    + bsc-1204596_02-drbd-remove-usage-of-bdevname.patch
  * add new patches
    + bsc-1206791-01-drbd-add-comments-explaining-removal-of-bdi-congesti.patch
    + bsc-1206791-02-drbd-fix-static-analysis-warnings.patch
    + bsc-1206791-03-drbd-fix-warning-about-initializing-multiple-struct-.patch
    + bsc-1206791-04-blk_queue_split__no_present.patch
    + bsc-1206791-05-prandom_u32_max.patch
    + bsc-1206791-06-write_zeroes__no_capable.patch
    + bsc-1206791-07-drbd-fix-use-after-free-bugs-in-get_initial_state.patch
    + bsc-1206791-08-lib-lru_cache-Fixed-array-overflow-caused-by-incorre.patch
    + bsc-1206791-09-pmem-use-fs_dax_get_by_bdev-instead-of-dax_get_by_ho.patch

OBS-URL: https://build.opensuse.org/request/show/1056192
OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/drbd?expand=0&rev=142
2023-01-05 13:24:33 +00:00

37 lines
1.2 KiB
Diff
Raw Blame History

From c2a620949ed609d6e256d1ce4d671a6da6bfeac0 Mon Sep 17 00:00:00 2001
From: John Sanpe <sanpeqf@gmail.com>
Date: Sat, 23 Jul 2022 09:59:31 +0200
Subject: [PATCH] lib/lru_cache: Fixed array overflow caused by incorrect
boundary handling.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This problem occurs when malloc element failed on the first time.
At this time, the counter i is 0. When it's released, we subtract 1
in advance without checking, which will cause i to become UINT_MAX,
resulting in array overflow.
Signed-off-by: John Sanpe <sanpeqf@gmail.com>
Reviewed-by: Christoph Böhmwalder <christoph.boehmwalder@linbit.com>
---
drbd/lru_cache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drbd/lru_cache.c b/drbd/lru_cache.c
index 7e604cdc87db..fc640490607a 100644
--- a/drbd/lru_cache.c
+++ b/drbd/lru_cache.c
@@ -127,7 +127,7 @@ struct lru_cache *lc_create(const char *name, struct kmem_cache *cache,
return lc;
/* else: could not allocate all elements, give up */
- for (i--; i; i--) {
+ while (i--) {
void *p = element[i];
kmem_cache_free(cache, (unsigned char *)p - e_off);
}
--
2.26.2
Reference in New Issue View Git Blame Copy Permalink