From mboxrd@z Thu Jan 1 00:00:00 1970 From: Julien Grall Subject: Re: [PATCH] xen: arm: Avoid reading beyond the last module Date: Fri, 17 Jul 2015 11:14:08 +0100 Message-ID: <55A8D570.9020701@citrix.com> References: <4EE5B48738DDED408878C97C8E050A8B1D7D439D@SJEXCHMB05.corp.ad.broadcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <4EE5B48738DDED408878C97C8E050A8B1D7D439D@SJEXCHMB05.corp.ad.broadcom.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: "Chris (Christopher) Brand" , "xen-devel@lists.xen.org" , Ian Campbell , Stefano Stabellini List-Id: xen-devel@lists.xenproject.org Hi Christopher, Thank you for the patch. It looks like the mail as been sent in HTML. Can you resend it in plain text? You also need to cc the maintainers of the code you are modifying (I've CCed them this time). You can give a look to [1] to know how to send correctly the patch. On 16/07/15 22:41, Chris (Christopher) Brand wrote: > nr_mods is set in add_boot_module() to the number of module > > array elements used. This function also ensures that nr_mods > > never exceeds MAX_MODULES (the size of the array). When looping > > through the array, the correct maximum index is "nr_mods-1", > > not "nr_mods". If the array is full, using the latter will in > > fact access beyond the end of the array. > > This was done correctly in boot_module_find_by_kind() and > > consider_modules() but incorrectly in discard_initial_modules() > > and next_module(). > > > > Signed-off-by: Chris Brand The patch looks good to me. I think it's a candidate to backport in Xen 4.5. Regards, [1] http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches -- Julien Grall