mask realloc copies elements from old array to new array. When
shrinking array it can go beyond allocated memory.
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
- for (i = 0; i < old->max; i++)
+ for (i = 0; i < min(old->max, new->max); i++)
new->masks[i] = old->masks[i];
new->masks[i] = old->masks[i];
+ BUG_ON(old->count > new->max);
new->count = old->count;
}
rcu_assign_pointer(tbl->mask_array, new);
new->count = old->count;
}
rcu_assign_pointer(tbl->mask_array, new);