Re: [PATCH 1/2] ext4: Fix integer overflow in ext4fs_read_symlink()

2024-07-12 Thread Tom Rini
On Fri, Jul 12, 2024 at 01:26:35PM +0200, Richard Weinberger wrote: > On Friday, 12 July 2024, 13:19:32 CEST, Heinrich Schuchardt wrote: > > > Hm, I see many built-ins in the U-Boot source. > > > Why is this one special? > > > > See the definition of COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW in > >

Re: [PATCH 1/2] ext4: Fix integer overflow in ext4fs_read_symlink()

2024-07-12 Thread Richard Weinberger
On Friday, 12 July 2024, 13:19:32 CEST, Heinrich Schuchardt wrote: > > Hm, I see many built-ins in the U-Boot source. > > Why is this one special? > > See the definition of COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW in > include/linux/compiler-clang.h. So I can't use __builtin_add_overflow() because

Re: [PATCH 1/2] ext4: Fix integer overflow in ext4fs_read_symlink()

2024-07-12 Thread Heinrich Schuchardt
On 12.07.24 13:14, Richard Weinberger wrote: On Friday, 12 July 2024, 13:10:12 CEST, 'Heinrich Schuchardt' via upstream wrote: On 02.07.24 21:42, Richard Weinberger wrote: While zalloc() takes a size_t type, adding 1 to the le32 variable will overflow. A carefully crafted ext4 filesystem ca

Re: [PATCH 1/2] ext4: Fix integer overflow in ext4fs_read_symlink()

2024-07-12 Thread Richard Weinberger
On Friday, 12 July 2024, 13:10:12 CEST, 'Heinrich Schuchardt' via upstream wrote: > On 02.07.24 21:42, Richard Weinberger wrote: > > While zalloc() takes a size_t type, adding 1 to the le32 variable > > will overflow. > > A carefully crafted ext4 filesystem can exhibit an inode size of 0xff

Re: [PATCH 1/2] ext4: Fix integer overflow in ext4fs_read_symlink()

2024-07-12 Thread Heinrich Schuchardt
On 02.07.24 21:42, Richard Weinberger wrote: While zalloc() takes a size_t type, adding 1 to the le32 variable will overflow. A carefully crafted ext4 filesystem can exhibit an inode size of 0x and as a consequence zalloc() will do a zero allocation. Later in the function the inode size is

[PATCH 1/2] ext4: Fix integer overflow in ext4fs_read_symlink()

2024-07-02 Thread Richard Weinberger
While zalloc() takes a size_t type, adding 1 to the le32 variable will overflow. A carefully crafted ext4 filesystem can exhibit an inode size of 0x and as a consequence zalloc() will do a zero allocation. Later in the function the inode size is again used for copying data. So an attacker ca