blk-mq-debugfs: Off by one in blk_mq_rq_state_name()

Message ID 20180620104503.nrwlfak3gyxjg7s2@kili.mountain (mailing list archive)
State New, archived

Commit Message

Dan Carpenter June 20, 2018, 10:45 a.m. UTC
If rq_state == ARRAY_SIZE() then we read one element beyond the end of
the blk_mq_rq_state_name_array[] array.

Fixes: ec6dcf63c55c ("blk-mq-debugfs: Show more request state information")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Comments

Bart Van Assche June 20, 2018, 1:46 p.m. UTC | #1
On Wed, 2018-06-20 at 13:45 +0300, Dan Carpenter wrote:
> If rq_state == ARRAY_SIZE() then we read one element beyond the end of
> the blk_mq_rq_state_name_array[] array.
>
> Fixes: ec6dcf63c55c ("blk-mq-debugfs: Show more request state information")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/block/blk-mq-debugfs.c b/block/blk-mq-debugfs.c

> index ffa622366922..1c4532e92938 100644

> --- a/block/blk-mq-debugfs.c

> +++ b/block/blk-mq-debugfs.c

> @@ -356,7 +356,7 @@ static const char *const blk_mq_rq_state_name_array[] = {

>  

>  static const char *blk_mq_rq_state_name(enum mq_rq_state rq_state)

>  {

> -	if (WARN_ON_ONCE((unsigned int)rq_state >

> +	if (WARN_ON_ONCE((unsigned int)rq_state >=

>  			 ARRAY_SIZE(blk_mq_rq_state_name_array)))

>  		return "(?)";

>  	return blk_mq_rq_state_name_array[rq_state];
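
Review bot: the `(unsigned int)` cast on the changed `>=` line is also the only lower-bound check in this function, and nothing in the code says so. If a negative rq_state is ever passed, it is rejected only because the cast turns it into a large unsigned value that fails the comparison against ARRAY_SIZE(). A one-line comment above the `if` stating that the cast is deliberate would keep a later cleanup from dropping it and reopening an out-of-bounds read on the other side of the array.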


Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>

Jens Axboe June 20, 2018, 5:26 p.m. UTC | #2
On 6/20/18 4:45 AM, Dan Carpenter wrote:
> If rq_state == ARRAY_SIZE() then we read one element beyond the end of
> the blk_mq_rq_state_name_array[] array.

Applied, thanks Dan.

Patch

diff --git a/block/blk-mq-debugfs.c b/block/blk-mq-debugfs.c
index ffa622366922..1c4532e92938 100644
--- a/block/blk-mq-debugfs.c
+++ b/block/blk-mq-debugfs.c
@@ -356,7 +356,7 @@  static const char *const blk_mq_rq_state_name_array[] = {
 
 static const char *blk_mq_rq_state_name(enum mq_rq_state rq_state)
 {
-	if (WARN_ON_ONCE((unsigned int)rq_state >
+	if (WARN_ON_ONCE((unsigned int)rq_state >=
 			 ARRAY_SIZE(blk_mq_rq_state_name_array)))
 		return "(?)";
 	return blk_mq_rq_state_name_array[rq_state];
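
Review bot: with the comparison corrected to `>=`, every index from 0 to ARRAY_SIZE() - 1 reaches the final `return blk_mq_rq_state_name_array[rq_state];` unchecked, and this hunk does not show the array's initializers. If the table is ever left with an unset slot (for example a state added to the enum without a matching string), an in-range index returns NULL instead of "(?)" and the caller formats a NULL string. Consider returning "(?)" when the looked-up entry is NULL as well, or adding a build-time check that the array size matches the number of enum mq_rq_state values.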