hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9K8D1 CVE: NA -------------------------------- This reverts commit d77d7bbc1c59243c536a82076c8a3bdc87b98e41. Backport mainline patches(584892fd29a4 "scsi: ses: Fix possible desc_ptr out-of-bounds accesses") to replace it. Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com> --- drivers/scsi/ses.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c index 6b0397e5d47b..d6a8f7c0192c 100644 --- a/drivers/scsi/ses.c +++ b/drivers/scsi/ses.c @@ -569,11 +569,11 @@ static void ses_enclosure_data_process(struct enclosure_device *edev, int max_desc_len; if (desc_ptr) { - len = (desc_ptr[2] << 8) + desc_ptr[3]; - desc_ptr += 4; - if (desc_ptr + len > buf + page7_len) { + if (desc_ptr >= buf + page7_len) { desc_ptr = NULL; } else { + len = (desc_ptr[2] << 8) + desc_ptr[3]; + desc_ptr += 4; /* Add trailing zero - pushes into * reserved space */ desc_ptr[len] = '\0'; -- 2.31.1