Re: [PATCH v2] libbpf: fix UAF in strset__add_str()

From: Carlos Llamas

Date: Mon May 18 2026 - 00:59:25 EST


On Fri, May 15, 2026 at 03:08:47PM -0700, Andrii Nakryiko wrote:
> I agree that this is a usability problem, but I'd handle it by
> recalculating s pointer to correct one if it happens to be coming from
> invalidated strs_data. Something along the lines of:
>
> const char *old_data = set->strs_data;
> size_t old_data_len = set->strs_data_len;
>
> p = strset_add_str_mem(...);
> if (!p)
>     return -ENOMEM;
>
> if (p != old_data && s >= old_data && s < old_data + old_data_len)
>     s = p + (s - old_data);
>
>
> At this point s will be correct even if it was invalidated.
>
> pw-bot: cr

Oh right, that totally works. I've tested the changes and will send a
new patch. Obviously 'p' was meant to be 'set->strs_data' in the check.

Thanks,
--
Carlos Llamas
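
The aliasing case discussed in this thread, as an added example that is not libbpf code and not code from either poster: a toy string set in which the caller's string may point into the buffer being grown. The names `toy_strset`, `toy_add_str` and `toy_demo` are hypothetical, and the sketch records the string's offset before `realloc()` instead of comparing against the old pointer afterwards, which is a variation on the snippet quoted above.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical toy string set; not libbpf's struct strset. */
struct toy_strset {
	char *data;      /* NUL-terminated strings, grown with realloc() */
	size_t len, cap; /* bytes in use / bytes allocated */
};

/* Append s and return its offset, or -1 on allocation failure.
 * s may point into set->data itself. */
static long toy_add_str(struct toy_strset *set, const char *s)
{
	uintptr_t base = (uintptr_t)set->data, addr = (uintptr_t)s;
	/* Decide aliasing before the buffer can move. */
	int inside = set->data && addr >= base && addr < base + set->len;
	size_t s_off = inside ? (size_t)(addr - base) : 0;
	size_t n = strlen(s) + 1;

	if (set->len + n > set->cap) {
		size_t new_cap = (set->len + n) * 2;
		char *p = realloc(set->data, new_cap);

		if (!p)
			return -1;
		set->data = p;           /* old block may be freed now */
		set->cap = new_cap;
	}
	if (inside)
		s = set->data + s_off;   /* rebase onto the live buffer */
	memcpy(set->data + set->len, s, n);
	set->len += n;
	return (long)(set->len - n);
}

/* Constructed scenario: re-add a string by a pointer into the set
 * while the append forces growth. Returns 1 if the copy is intact. */
static int toy_demo(void)
{
	struct toy_strset set = {0};
	long a = toy_add_str(&set, "hello"), b = toy_add_str(&set, "world");
	long c = (a < 0 || b < 0) ? -1 : toy_add_str(&set, set.data + b);
	int ok = c == 12 && !strcmp(set.data + c, "world");

	free(set.data);
	return ok;
}
```

Building this with `-fsanitize=address` and removing the `if (inside)` rebase is a quick way to see the use-after-free reported whenever the allocator moves the block.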