On Tue, Sep 15, 2015 at 09:34:20PM +0200, Thomas Huth wrote:
> The buffer that is allocated in spapr_populate_drconf_memory()
> is used for setting both, the "ibm,dynamic-memory" and the
> "ibm,associativity-lookup-arrays" property. However, only the
> size of the first one is taken into account when allocating the
> memory. So if the length of the second property is larger than
> the length of the first one, we run into a buffer overflow here!
> Fix it by taking the length of the second property into account,
> too.
>
> Fixes: "spapr: Support ibm,dynamic-reconfiguration-memory" patch
> Signed-off-by: Thomas Huth <th...@redhat.com>

Merged to spapr-next, thanks.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
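
The sizing bug described in the quoted commit message, as an added example that is not QEMU's code and not part of the original thread: one scratch buffer is reused for two properties, so it has to be sized for the larger of the two. All function names and the per-entry cell counts below are assumptions made for illustration, not the real property layouts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed cell counts for illustration only; not the real layouts. */
#define DYN_MEM_CELLS_PER_LMB  6
#define LOOKUP_CELLS_PER_NODE  4

/* Bytes needed to encode the first property (hypothetical layout). */
static size_t dyn_mem_len(uint32_t nr_lmbs)
{
    return ((size_t)nr_lmbs * DYN_MEM_CELLS_PER_LMB + 1) * sizeof(uint32_t);
}

/* Bytes needed to encode the second property (hypothetical layout). */
static size_t lookup_arrays_len(uint32_t nr_nodes)
{
    return ((size_t)nr_nodes * LOOKUP_CELLS_PER_NODE + 2) * sizeof(uint32_t);
}

/* Bug pattern: the shared buffer is sized for the first property only. */
static size_t scratch_len_first_only(uint32_t nr_lmbs, uint32_t nr_nodes)
{
    (void)nr_nodes; /* ignored, which is the defect */
    return dyn_mem_len(nr_lmbs);
}

/* Fix pattern: size the shared buffer for whichever property is larger. */
static size_t scratch_len_max(uint32_t nr_lmbs, uint32_t nr_nodes)
{
    size_t a = dyn_mem_len(nr_lmbs), b = lookup_arrays_len(nr_nodes);
    return a > b ? a : b;
}

/* Returns 1 if both properties fit in a buffer of buf_len bytes. */
static int both_fit(size_t buf_len, uint32_t nr_lmbs, uint32_t nr_nodes)
{
    return dyn_mem_len(nr_lmbs) <= buf_len &&
           lookup_arrays_len(nr_nodes) <= buf_len;
}

int main(void)
{
    uint32_t nr_lmbs = 2, nr_nodes = 8; /* constructed: few LMBs, many nodes */
    size_t bad = scratch_len_first_only(nr_lmbs, nr_nodes);
    size_t good = scratch_len_max(nr_lmbs, nr_nodes);

    printf("first-only: %zu bytes, both fit: %d\n", bad,
           both_fit(bad, nr_lmbs, nr_nodes));
    printf("max-of-both: %zu bytes, both fit: %d\n", good,
           both_fit(good, nr_lmbs, nr_nodes));
    return 0;
}
```

The first-only sizing looks correct whenever the first property happens to be the larger one, which is why this class of bug survives testing on typical configurations.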