forked from Minki/linux
nfc: nci: Potential off by one in ->pipes[] array
This is similar to commite285d5bfb7
("NFC: Fix the number of pipes") where we changed NFC_HCI_MAX_PIPES from 127 to 128. As the comment next to the define explains, the pipe identifier is 7 bits long. The highest possible pipe is 127, but the number of possible pipes is 128. As the code is now, then there is potential for an out of bounds array access: net/nfc/nci/hci.c:297 nci_hci_cmd_received() warn: array off by one? 'ndev->hci_dev->pipes[pipe]' '0-127 == 127' Fixes:11f54f2286
("NFC: nci: Add HCI over NCI protocol support") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
d7ee81ad09
commit
6491d69839
@ -166,7 +166,7 @@ struct nci_conn_info {
|
||||
* According to specification 102 622 chapter 4.4 Pipes,
|
||||
* the pipe identifier is 7 bits long.
|
||||
*/
|
||||
#define NCI_HCI_MAX_PIPES 127
|
||||
#define NCI_HCI_MAX_PIPES 128
|
||||
|
||||
struct nci_hci_gate {
|
||||
u8 gate;
|
||||
|
Loading…
Reference in New Issue
Block a user