Commit a77e3362 authored by KAMBAROV, ZAUR's avatar KAMBAROV, ZAUR Committed by Linus Torvalds
Browse files

[PATCH] coverity: i386: scsi_lib buffer overrun fix

The check in

627  		BUG_ON(index > SG_MEMPOOL_NR);

with SG_MEMPOOL_NR defined in

32   	#define SG_MEMPOOL_NR		(sizeof(scsi_sg_pools)/sizeof(struct scsi_host_sg_pool))

was not sufficient.

sgp, set in

629  		sgp = scsi_sg_pools + index;

is dereferenced in

630  		mempool_free(sgl, sgp->pool);
Signed-off-by: default avatarZaur Kambarov <>
Cc: <>
Cc: James Bottomley <>
Signed-off-by: default avatarAndrew Morton <>
Signed-off-by: default avatarLinus Torvalds <>
parent a8f50345
......@@ -632,7 +632,7 @@ static void scsi_free_sgtable(struct scatterlist *sgl, int index)
struct scsi_host_sg_pool *sgp;
sgp = scsi_sg_pools + index;
mempool_free(sgl, sgp->pool);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment