* [PATCH] maple_tree: Fix out of bounds access on mas_wr_node_walk()
@ 2022-07-13 2:13 Liam Howlett
0 siblings, 0 replies; only message in thread
From: Liam Howlett @ 2022-07-13 2:13 UTC (permalink / raw)
To: maple-tree, linux-mm, linux-kernel, Andrew Morton; +Cc: Yu Zhao
When walking the node, check to see if offset is within the range of
pivots before reading that pivot, otherwise return the max of the node.
Reported-by: Yu Zhao <yuzhao@google.com>
Fixes: d0aac5e48048 (Maple Tree: add new data structure)
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
---
lib/maple_tree.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/maple_tree.c b/lib/maple_tree.c
index 14e9ab14c1da..768707770926 100644
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -2254,10 +2254,10 @@ static inline void mas_wr_node_walk(struct ma_wr_state *wr_mas)
wr_mas->pivots, mas->max);
offset = mas->offset;
min = mas_safe_min(mas, wr_mas->pivots, offset);
- max = wr_mas->pivots[offset];
if (unlikely(offset == count))
- goto max; /* may have been set to zero */
+ goto max;
+ max = wr_mas->pivots[offset];
index = mas->index;
if (unlikely(index <= max))
goto done;
--
2.35.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2022-07-13 2:13 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-13 2:13 [PATCH] maple_tree: Fix out of bounds access on mas_wr_node_walk() Liam Howlett
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).