tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions()

If an error occurs in dsa_devlink_region_create(), then 'priv->regions'
array will be accessed by negative index '-1'.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Rustam Subkhankulov <subkhankulov@ispras.ru>
Fixes: bf425b82059e ("net: dsa: sja1105: expose static config as devlink region")
Link: https://lore.kernel.org/r/20220817003845.389644-1-subkhankulov@ispras.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Rustam Subkhankulov and committed by
Jakub Kicinski fd8e899c bec13ba9

+1 -1
+1 -1
drivers/net/dsa/sja1105/sja1105_devlink.c
··· 93 93 94 94 region = dsa_devlink_region_create(ds, ops, 1, size); 95 95 if (IS_ERR(region)) { 96 - while (i-- >= 0) 96 + while (--i >= 0) 97 97 dsa_devlink_region_destroy(priv->regions[i]); 98 98 return PTR_ERR(region); 99 99 }