From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ian Campbell
Subject: Re: [PATCH] xen: arm: Avoid reading beyond the last module
Date: Tue, 21 Jul 2015 15:49:52 +0100
Message-ID: <1437490192.8383.47.camel@citrix.com>
References: <4EE5B48738DDED408878C97C8E050A8B1D7D4CE3@SJEXCHMB05.corp.ad.broadcom.com> <55ACEA63.5040107@citrix.com>
In-Reply-To: <55ACEA63.5040107@citrix.com>
To: Julien Grall, "Chris (Christopher) Brand", "xen-devel@lists.xen.org"
Cc: Stefano Stabellini

On Mon, 2015-07-20 at 13:32 +0100, Julien Grall wrote:
> Hi Chris,
>
> On 17/07/15 21:48, Chris (Christopher) Brand wrote:
> > nr_mods is set in add_boot_module() to the number of module
> > array elements used. This function also ensures that nr_mods
> > never exceeds MAX_MODULES (the size of the array). When looping
> > through the array, the correct maximum index is "nr_mods-1",
> > not "nr_mods". If the array is full, using the latter will in
> > fact access beyond the end of the array.
> > This was done correctly in boot_module_find_by_kind() and
> > consider_modules() but incorrectly in discard_initial_modules()
> > and next_module().
> >
> > Signed-off-by: Chris Brand
>
> Reviewed-by: Julien Grall

Acked + applied.

Care should be taken when backporting since I think this off-by-one was
the result of us previously not including Xen in nr_mods despite it
being in the array or something like that (i.e. the off-by-one used to be
correct).

Ian.
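
The off-by-one described in the quoted commit message, as an added example that is not part of this thread and is not Xen's code. It is a simplified model: `MAX_MODULES` and `nr_mods` are the names from the commit message, while `struct mods`, `add_module()`, `stale_reads()`, the guard slot and the sample addresses are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified model, not Xen's code. MAX_MODULES and nr_mods are the names
 * used in the commit message; every other name here is hypothetical. */
#define MAX_MODULES 5
#define UNUSED 0xDEADu          /* constructed marker for unpopulated slots */

struct mods {
    int nr_mods;
    /* One guard slot past the real array makes the over-read observable. */
    unsigned module[MAX_MODULES + 1];
};

static void mods_init(struct mods *m)
{
    m->nr_mods = 0;
    for (int i = 0; i <= MAX_MODULES; i++)
        m->module[i] = UNUSED;
}

/* As described for add_boot_module(): nr_mods counts the used elements and
 * never exceeds MAX_MODULES. Returns 0 on success, -1 when the table is full. */
static int add_module(struct mods *m, unsigned start)
{
    if (m->nr_mods >= MAX_MODULES)
        return -1;
    m->module[m->nr_mods++] = start;
    return 0;
}

/* Walk the table with "i <= nr_mods" (inclusive) or "i < nr_mods" and
 * return how many of the slots read hold no module. */
static int stale_reads(const struct mods *m, int inclusive)
{
    int end = inclusive ? m->nr_mods + 1 : m->nr_mods;
    int stale = 0;
    for (int i = 0; i < end; i++)
        if (m->module[i] == UNUSED)
            stale++;
    return stale;
}

int main(void)
{
    struct mods m;
    mods_init(&m);
    while (add_module(&m, 0x1000u * (unsigned)(m.nr_mods + 1)) == 0) {}
    printf("stale reads: i < nr_mods = %d, i <= nr_mods = %d\n",
           stale_reads(&m, 0), stale_reads(&m, 1));
    return 0;
}
```

With the table full, the inclusive loop's extra read lands on index `MAX_MODULES`, which in an array of exactly `MAX_MODULES` elements is past the end.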