| Message ID | 20200311195954.27117-5-fllinden@amazon.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | server side user xattr support (RFC 8276) | expand |
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 0e75f7fb5fec..5de6449e6ff8 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -2699,7 +2699,7 @@ static inline u32 nfsd4_seek_rsize(struct svc_rqst *rqstp, struct nfsd4_op *op) return (op_encode_hdr_size + 3) * sizeof(__be32); } -static const struct nfsd4_operation nfsd4_ops[] = { +static const struct nfsd4_operation nfsd4_ops[LAST_NFS4_OP + 1] = { [OP_ACCESS] = { .op_func = nfsd4_access, .op_name = "OP_ACCESS",
The nfsd4_ops was initialized by initializing individual indices (op numbers). So, the size of the array was determined by the largest op number. Some operations are enabled conditionally, based on config options. If a conditionally enabled operation were to be the highest numbered operation, the code (through OPDESC) would attempt to access memory beyond the end of the array. This currently can't happen, since the highest numbered op is not conditional, but it might in the future. So, always size the array with LAST_NFS4_OP + 1. Signed-off-by: Frank van der Linden <fllinden@amazon.com> --- fs/nfsd/nfs4proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)