On Mon, Sep 18, 2023 at 04:02:57PM +0100, Jonathan Cameron wrote:
> From: Dmitry Frolov
>
> According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up
> to 16. This also corresponds to CXL r3.0 spec. So, the fw->target_hbs[]
> array is iterated from 0 to 15. But it is staticaly
From: Dmitry Frolov
According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up
to 16. This also corresponds to CXL r3.0 spec. So, the fw->target_hbs[]
array is iterated from 0 to 15. But it is staticaly declared of length 8.
Thus, out of bound array access may occur.
Fixes: c28d
