Re: Bug report - slab-out-of-bounds in vcs_scr_readw

From: Or Cohen
Date: Mon Nov 04 2019 - 11:15:36 EST


@gregkh@xxxxxxxxxxxxxxxxxxx @nico@xxxxxxxxxxx - Thanks for the quick response.
@gregkh@xxxxxxxxxxxxxxxxxxx - Regarding your question, I don't think
the 1 byte buffer is related to the problem. (It was just there in
the initial reproducer the fuzzer created, and I forgot to remove it
while reducing code from the reproducer.)
I think the problem is related to the huge size argument, which
influences the initialization of "this_round".

On Mon, Nov 4, 2019 at 7:50 AM Nicolas Pitre <nico@xxxxxxxxxxx> wrote:
>
> On Mon, 4 Nov 2019, Greg KH wrote:
>
> > On Mon, Nov 04, 2019 at 04:39:55AM -0800, Or Cohen wrote:
> > > Hi,
> > > I discovered an OOB access bug using Syzkaller and decided to report it,
> > > as I could not find a similar report in the syzkaller mailing list or the
> > > syzkaller-bugs mailing list
> [...]
> >
> > I am at another conference at the moment and can't look at this much
> > now, will try to later this week...
>
> I'll look into it now.
>
>
> Nicolas