On Wed, Oct 29, 2014 at 09:23:45AM -0700, Andy Lutomirski wrote: > I have no idea what the semantics are. All I'm saying is that it > looks like the code still accesses memory past the end of the buffer. > The buffer isn't a null pointer, so the symptom is different, but it > may still be a security bug. > > --Andy
It only reads one byte into the struct "xattr_data->type" so checking for non-zero is sufficient and the patch is fine. I fixed that exact same bug in lustre last week where the xattr size is not zero but it's less than the size of the struct. So this seems like maybe it could be a common anti-pattern though. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/