On 2020/12/24 7:07, Richard Weinberger wrote:
Reproducer:
0. config KASAN && apply print.patch
1. mount ubifs on /root/temp
2. run test.sh
What does test.sh do?
Go to Link: https://bugzilla.kernel.org/show_bug.cgi?id=210865.
test.sh creates a very long path file test_file, and then creates a
Chengsong Ke,
- Original Message -
> The memory area allocated in ubifs_jnl_write_inode() is not aligned with 8
> bytes:
> ino_start = ino = kmalloc(write_len, GFP_NOFS);
>
> When ino_start passed into write_head -> ubifs_wbuf_write_nolock:
> n = aligned_len >> c->max_write_shift;
>
From: kechengsong
ubifs_jnl_write_inode() probably causes a read out-of-bounds in some situations.
There is a KASAN stack:
[ 336.432159] BUG: KASAN: slab-out-of-bounds in ecc_sw_hamming_calculate+0x1dc/0x7d0
[ 336.433634] Read of size 4 at addr 888019612ff8 by task kworker/u8:4/135
[