On 5/2/22 12:36, Christian Schoenebeck wrote:
On Freitag, 4. Februar 2022 06:06:09 CET Vitaly Chikunov wrote:
`struct dirent' returned from readdir(3) could be shorter (or longer)
than `sizeof(struct dirent)', thus memcpy of sizeof length will overread
into unallocated page causing SIGSEGV.
On Freitag, 4. Februar 2022 06:06:09 CET Vitaly Chikunov wrote:
> `struct dirent' returned from readdir(3) could be shorter (or longer)
> than `sizeof(struct dirent)', thus memcpy of sizeof length will overread
> into unallocated page causing SIGSEGV. Example stack trace:
>
> #0
On Fri, 4 Feb 2022 19:19:39 +0300 "Dmitry V. Levin" wrote:
> On Fri, Feb 04, 2022 at 02:55:45PM +0100, Philippe Mathieu-Daudé wrote:
> > On 4/2/22 06:06, Vitaly Chikunov wrote:
> > > `struct dirent' returned from readdir(3) could be shorter (or longer)
> > > than `sizeof(struct dirent)', thus
On Fri, Feb 04, 2022 at 07:19:39PM +0300, Dmitry V. Levin wrote:
> On Fri, Feb 04, 2022 at 02:55:45PM +0100, Philippe Mathieu-Daudé wrote:
> > On 4/2/22 06:06, Vitaly Chikunov wrote:
> > > `struct dirent' returned from readdir(3) could be shorter (or longer)
> > > than `sizeof(struct dirent)',
On 4/2/22 17:04, Christian Schoenebeck wrote:
On Freitag, 4. Februar 2022 16:54:12 CET Philippe Mathieu-Daudé wrote:
On 4/2/22 16:50, Dmitry V. Levin wrote:
On Fri, Feb 04, 2022 at 06:32:07PM +0300, Vitaly Chikunov wrote:
[...]
struct dirent *
qemu_dirent_dup(struct dirent *dent)
{
On Fri, Feb 04, 2022 at 02:55:45PM +0100, Philippe Mathieu-Daudé wrote:
> On 4/2/22 06:06, Vitaly Chikunov wrote:
> > `struct dirent' returned from readdir(3) could be shorter (or longer)
> > than `sizeof(struct dirent)', thus memcpy of sizeof length will overread
> > into unallocated page causing
On Freitag, 4. Februar 2022 16:54:12 CET Philippe Mathieu-Daudé wrote:
> On 4/2/22 16:50, Dmitry V. Levin wrote:
> > On Fri, Feb 04, 2022 at 06:32:07PM +0300, Vitaly Chikunov wrote:
> > [...]
> >
> >>> struct dirent *
> >>> qemu_dirent_dup(struct dirent *dent)
> >>> {
> >>>
> >>> size_t sz
On 4/2/22 16:50, Dmitry V. Levin wrote:
On Fri, Feb 04, 2022 at 06:32:07PM +0300, Vitaly Chikunov wrote:
[...]
struct dirent *
qemu_dirent_dup(struct dirent *dent)
{
size_t sz = offsetof(struct dirent, d_name) + _D_EXACT_NAMLEN(dent) + 1;
But d_namlen is not populated by synth_direntry,
On Fri, Feb 04, 2022 at 06:32:07PM +0300, Vitaly Chikunov wrote:
[...]
> > struct dirent *
> > qemu_dirent_dup(struct dirent *dent)
> > {
> > size_t sz = offsetof(struct dirent, d_name) + _D_EXACT_NAMLEN(dent) + 1;
>
> But d_namlen is not populated by synth_direntry, so this will lead to
> a
Greg,
On Fri, Feb 04, 2022 at 04:16:06PM +0100, Greg Kurz wrote:
> On Fri, 04 Feb 2022 15:12:18 +0100 Christian Schoenebeck wrote:
>
> > On Freitag, 4. Februar 2022 14:55:45 CET Philippe Mathieu-Daudé via wrote:
> > > On 4/2/22 06:06, Vitaly Chikunov wrote:
> > > > `struct dirent' returned
On Freitag, 4. Februar 2022 16:16:06 CET Greg Kurz wrote:
> On Fri, 04 Feb 2022 15:12:18 +0100 Christian Schoenebeck wrote:
> > On Freitag, 4. Februar 2022 14:55:45 CET Philippe Mathieu-Daudé via wrote:
> > > On 4/2/22 06:06, Vitaly Chikunov wrote:
> > > > `struct dirent' returned from
On Fri, 04 Feb 2022 15:12:18 +0100 Christian Schoenebeck wrote:
> On Freitag, 4. Februar 2022 14:55:45 CET Philippe Mathieu-Daudé via wrote:
> > On 4/2/22 06:06, Vitaly Chikunov wrote:
> > > `struct dirent' returned from readdir(3) could be shorter (or longer)
> > > than `sizeof(struct dirent)',
On Freitag, 4. Februar 2022 14:55:45 CET Philippe Mathieu-Daudé via wrote:
> On 4/2/22 06:06, Vitaly Chikunov wrote:
> > `struct dirent' returned from readdir(3) could be shorter (or longer)
> > than `sizeof(struct dirent)', thus memcpy of sizeof length will overread
> >
> > into unallocated page
On 4/2/22 06:06, Vitaly Chikunov wrote:
`struct dirent' returned from readdir(3) could be shorter (or longer)
than `sizeof(struct dirent)', thus memcpy of sizeof length will overread
into unallocated page causing SIGSEGV. Example stack trace:
#0 0x559ebeed v9fs_co_readdir_many
On Fri, Feb 04, 2022 at 08:06:09AM +0300, Vitaly Chikunov wrote:
> `struct dirent' returned from readdir(3) could be shorter (or longer)
> than `sizeof(struct dirent)', thus memcpy of sizeof length will overread
> into unallocated page causing SIGSEGV. Example stack trace:
>
> #0
On Fri, Feb 04, 2022 at 03:15:38PM +0300, Dmitry V. Levin wrote:
> On Fri, Feb 04, 2022 at 08:06:09AM +0300, Vitaly Chikunov wrote:
> > `struct dirent' returned from readdir(3) could be shorter (or longer)
> > than `sizeof(struct dirent)', thus memcpy of sizeof length will overread
> > into
On Freitag, 4. Februar 2022 06:06:09 CET Vitaly Chikunov wrote:
> `struct dirent' returned from readdir(3) could be shorter (or longer)
> than `sizeof(struct dirent)', thus memcpy of sizeof length will overread
> into unallocated page causing SIGSEGV. Example stack trace:
>
> #0
`struct dirent' returned from readdir(3) could be shorter (or longer)
than `sizeof(struct dirent)', thus memcpy of sizeof length will overread
into unallocated page causing SIGSEGV. Example stack trace:
#0 0x559ebeed v9fs_co_readdir_many (/usr/bin/qemu-system-x86_64 + 0x497eed)
#1