Hi all, Link: https://syzkaller.appspot.com/bug?id=f332576321998d36cd07d09c9c1268cfed1895c9
As reported by syzbot, vcs_read_buf() is overflowing `con_buf16`, since
this patch removed the following check:
- if (count > CON_BUF_SIZE) {
- count = CON_BUF_SIZE;
- filled = count - pos;
- }
Decreasing `count` by `min(HEADER_SIZE - pos, count)` bypasses this check.
Additionally, this patch also removed updates to `skip` and `filled`.
What should we do in order to fix it?
Thank you,
Peilin Ye
