On Mon, Apr 15, 2019 at 09:32:44AM +0300, Dan Carpenter wrote:
> On Sun, Apr 14, 2019 at 05:37:26PM +0200, Vincent Stehlé wrote:
> > The `np->permission' structure is smaller than the `np' structure but
> > sizeof(*np) worth of data is copied in there. Fix the size passed to
> > copy_from_user() to

On Sun, Apr 14, 2019 at 05:37:26PM +0200, Vincent Stehlé wrote:
> The `np->permission' structure is smaller than the `np' structure but
> sizeof(*np) worth of data is copied in there. Fix the size passed to
> copy_from_user() to avoid overrun.
>
> Fixes: 3d2ec9dcd5539d42 ("staging: Android: Add 'v

Hello,

syzbot found the following crash on:

HEAD commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver
git tree: https://github.com/google/kasan/tree/usb-fuzzer
console output: https://syzkaller.appspot.com/x/log.txt?x=10e2e69f20
kernel config: https://syzkaller.appspot.com/x/

The `np->permission' structure is smaller than the `np' structure but
sizeof(*np) worth of data is copied in there. Fix the size passed to
copy_from_user() to avoid overrun.

Fixes: 3d2ec9dcd5539d42 ("staging: Android: Add 'vsoc' driver for cuttlefish.")
Signed-off-by: Vincent Stehlé
Cc: Greg Kroa