Re: KASAN: slab-out-of-bounds Read in gadget_dev_desc_UDC_store
From: Greg KH
Date: Fri May 01 2020 - 03:05:44 EST
On Thu, Apr 30, 2020 at 11:03:54PM -0400, Kyungtae Kim wrote:
> We report a bug (in linux-5.6.8) found by FuzzUSB (a modified version
> of syzkaller).
>
> This happened when the size of "name" buffer is smaller than that of
> "page" buffer
> (after function kstrdup executed at line 263).
> I guess it comes from the "page" buffer containing 0 value in the middle.
> So accessing the "name" buffer with "len" variable, which is used to
> indicate the size of "page" buffer,
> triggered memory access violation.
> To fix, it may need to check the size of name buffer, and try to use
> right index variable.
Can you submit a patch for this as you have a reproducer to test the
issue?
thanks,
greg k-h