scsi: megaraid_sas: array overflow in megasas_dump_frame()

The "sz" variable is in terms of bytes, but we're treating the buffer as an array of __le32 so we have to divide by 4. Fixes: def0eab3 ("scsi: megaraid_sas: enhance debug logs in OCR context") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Sumit Saxena <sumit.saxena@broadcom.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

scsi: megaraid_sas: array overflow in megasas_dump_frame()
The "sz" variable is in terms of bytes, but we're treating the buffer as an array of __le32 so we have to divide by 4. Fixes: def0eab3 ("scsi: megaraid_sas: enhance debug logs in OCR context") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Sumit Saxena <sumit.saxena@broadcom.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
40a4c2c3 · Dan Carpenter · Martin K. Petersen · 8e305cb2 · 40a4c2c3
Commit 40a4c2c3 authored Feb 14, 2017 by Dan Carpenter Committed by Martin K. Petersen Feb 15, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/scsi/megaraid/megaraid_sas_base.c drivers/scsi/megaraid/megaraid_sas_base.c +1 -1

No files found.
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -2754,7 +2754,7 @@ megasas_dump_frame(void *mpi_request, int sz)
 	__le32 *mfp = (__le32 *)mpi_request;

 	printk(KERN_INFO "IO request frame:\n\t");
-	for (i = 0; i < sz; i++) {
+	for (i = 0; i < sz / sizeof(__le32); i++) {
 		if (i && ((i % 8) == 0))
 			printk("\n\t");
 		printk("%08x ", le32_to_cpu(mfp[i]));