Re: BUG: KASAN: global-out-of-bounds in ata_exec_internal_sg+0x50f/0xc70

From: Nick Desaulniers
Date: Tue Jul 16 2019 - 15:45:41 EST


On Tue, Jul 16, 2019 at 11:57 AM Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
>
> On Tue, 16 Jul 2019 11:28:29 -0700
> Nick Desaulniers <ndesaulniers@xxxxxxxxxx> wrote:
>
> > The cited code looks like a check comparing that the pointer distance
> > is greater than the size of bytes being passed in. I'd wager
> > someone's calling memmove with overlapping memory regions when they
> > really wanted memcpy. Maybe a better question, is why was memmove
> > ever used; if there was some invariant that the memory regions
> > overlapped, why is that invariant no longer holding.
>
> I'm confused by the above statement as memmove() allows overlapping of
> src and dest, where as memcpy() does not.

Yes you're right; I confused the two. From the snippet in the
original email, it looks like the body of a fortified memcpy was
provided, and a memmove declaration was below it. So replace my
assumption of a bad call to memmove with a bad call to memcpy (which
should then make more sense, hopefully).
--
Thanks,
~Nick Desaulniers