201676095dda7e5b31a5e1d116d10fc22985075e - SHIFTPHONES/mainline/linux

commit	201676095dda7e5b31a5e1d116d10fc22985075e	[log] [tgz]
author	Dan Carpenter <dan.carpenter@oracle.com>	Thu Mar 07 08:41:22 2019 +0300
committer	Juergen Gross <jgross@suse.com>	Fri Mar 08 17:58:14 2019 +0100
tree	813e414ea824d48f18cf89c805fba00dd7831fb8
parent	b1ddd406cd1e9bb51fa90d03ee562c832e38eb52 [diff]

xen, cpu_hotplug: Prevent an out of bounds access

The "cpu" variable comes from the sscanf() so Smatch marks it as
untrusted data.  We can't pass a higher value than "nr_cpu_ids" to
cpu_possible() or it results in an out of bounds access.

Fixes: d68d82afd4c8 ("xen: implement CPU hotplugging")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>

drivers/xen/cpu_hotplug.c[diff]

1 file changed

tree: 813e414ea824d48f18cf89c805fba00dd7831fb8