On Mon, Sep 5, 2016 at 7:49 PM, One Thousand Gnomes wrote:
>> different runs). Looking at code, the following looks suspicious -- we
>> limit copy by 512 bytes, but use the original count which can be
>> larger than 512:
>>
>> static void sixpack_receive_buf(struct tty_struct *tty,
>> const un
> different runs). Looking at code, the following looks suspicious -- we
> limit copy by 512 bytes, but use the original count which can be
> larger than 512:
>
> static void sixpack_receive_buf(struct tty_struct *tty,
> const unsigned char *cp, char *fp, int count)
> {
> unsigned char buf
On Sat, 3 Sep 2016 15:38:08 +0200
Dmitry Vyukov wrote:
> Hello,
>
> While running syzkaller fuzzer I've got the following report:
>
> BUG: KASAN: stack-out-of-bounds in sixpack_receive_buf+0xf8a/0x1450 at
> addr 880037fbf850
> Read of size 1 by task syz-executor/6759
> page:eadfefc0
Hello,
While running syzkaller fuzzer I've got the following report:
BUG: KASAN: stack-out-of-bounds in sixpack_receive_buf+0xf8a/0x1450 at
addr 880037fbf850
Read of size 1 by task syz-executor/6759
page:eadfefc0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x1fffc