On Sat, Sep 28, 2013 at 09:51:14PM +0200, Wolfram Gloger wrote:
> Kees Cook writes:
>
> > Please note that these bounds checks aren't correct to begin with. Since
> > a pointer is being dereferenced, the end boundary must be reduced by
> > sizeof(unsigned long) as well.
> >
> > It looks like proce
Kees Cook writes:
> Please note that these bounds checks aren't correct to begin with. Since
> a pointer is being dereferenced, the end boundary must be reduced by
> sizeof(unsigned long) as well.
>
> It looks like process_32.c suffers the same problems, too.
I can't see the end boundary problem
On Fri, Sep 13, 2013 at 3:03 AM, Wolfram Gloger wrote:
> "H. Peter Anvin" writes:
>
>> Actually, the sanest would be:
>>
>> if (fp < (unsigned long)stack ||
>> fp >= (unsigned long)stack+(THREAD_SIZE-16))
>>
>> ... wouldn't it (since we are accessing an 8-byte datum at offset +8?
On Wed, Sep 11, 2013 at 10:16:32PM +0400, Dmitry Vyukov wrote:
> On Wed, Sep 11, 2013 at 2:06 AM, Andi Kleen wrote:
> >> Indeed, get_wchan ensures that fp >> fp+8:
> >>
> >> 434 if (fp < (unsigned long)stack ||
> >> 435 fp >= (unsigned long)stack+THREAD_SIZE)
>
On Wed, Sep 11, 2013 at 2:06 AM, Andi Kleen wrote:
>> Indeed, get_wchan ensures that fp> fp+8:
>>
>> 434 if (fp < (unsigned long)stack ||
>> 435 fp >= (unsigned long)stack+THREAD_SIZE)
>> 436 return 0;
>> 437 ip = *(u64 *)
> Indeed, get_wchan ensures that fp fp+8:
>
> 434 if (fp < (unsigned long)stack ||
> 435 fp >= (unsigned long)stack+THREAD_SIZE)
> 436 return 0;
> 437 ip = *(u64 *)(fp+8);
>
> It must check that fp+8 As far as I see, the
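The point being argued above, as an added illustration (this is not code from the thread or from the kernel): the quoted get_wchan check only bounds `fp` itself, but the following load reads a u64 at `fp+8`, so the last 8-byte slot of the stack passes the check while the load runs past `stack+THREAD_SIZE`. The THREAD_SIZE value and the base address are assumed for the simulation; the "fixed" predicate is the `THREAD_SIZE-16` form proposed in the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stack size for the simulation (x86-64 uses a power of two here). */
#define THREAD_SIZE 16384UL

/* The bound as quoted from process_64.c: only fp itself is range-checked. */
static bool fp_in_stack_quoted(unsigned long fp, unsigned long stack)
{
    return !(fp < stack || fp >= stack + THREAD_SIZE);
}

/* The proposed bound: leave room for the 8-byte datum read at fp+8. */
static bool fp_in_stack_fixed(unsigned long fp, unsigned long stack)
{
    return !(fp < stack || fp >= stack + (THREAD_SIZE - 16));
}

/* Does a u64 load at fp+8 stay entirely inside [stack, stack+THREAD_SIZE)? */
static bool load_at_fp8_in_bounds(unsigned long fp, unsigned long stack)
{
    unsigned long lo = fp + 8, hi = lo + sizeof(uint64_t);
    return lo < hi && lo >= stack && hi <= stack + THREAD_SIZE;
}

/* Count 8-byte-aligned fp values inside the stack that the predicate accepts
 * even though the load at fp+8 would overrun the stack. */
static unsigned count_overruns(bool (*ok)(unsigned long, unsigned long),
                               unsigned long stack)
{
    unsigned n = 0;
    for (unsigned long fp = stack; fp < stack + THREAD_SIZE; fp += 8)
        if (ok(fp, stack) && !load_at_fp8_in_bounds(fp, stack))
            n++;
    return n;
}

int main(void)
{
    unsigned long stack = 0x10000UL; /* constructed base address */
    printf("quoted check: %u accepted fp value(s) overrun the stack\n",
           count_overruns(fp_in_stack_quoted, stack));
    printf("fixed check:  %u accepted fp value(s) overrun the stack\n",
           count_overruns(fp_in_stack_fixed, stack));
    return 0;
}
```

The quoted check admits exactly one bad value, `fp == stack + THREAD_SIZE - 8`, whose load covers the 8 bytes immediately past the stack; the `-16` form rejects it (and, conservatively, the slot before it).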
Hi,
We are working on a memory error detector, AddressSanitizer for the Linux kernel
(https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel);
it can detect use-after-free and buffer-overflow errors.
Here is a new report from the tool:
[ 124.575597] ERROR: AddressSanitizer: heap