On Thu, Oct 31, 2013 at 02:01:02PM +0530, Mahesh Rajashekhara wrote: > It appears that driver runs into a problem here if fibsize is too small > because we allocate user_srbcmd with fibsize size only but later we access it > until user_srbcmd->sg.count to copy it over to srbcmd. Seems to be not > correct to test (fibsize < sizeof(*user_srbcmd)) because this structure > already includes one sg element and this is not needed for commands without > data. So, we would recommend to add the following (instead of test for > fibsize == 0). >
Don't forget the reported by tags. Reported-by: Nico Golde <n...@ngolde.de> Reported-by: Fabian Yamaguchi <f...@goesec.de> regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
