lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANiq72nbyqrzGr3Uw_vx-+8DLiv6KbeULrxpyK8Lh4ma15cq8g@mail.gmail.com>
Date: Fri, 25 Oct 2024 10:10:38 +0200
From: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
To: Nathan Chancellor <nathan@...nel.org>
Cc: Jan Hendrik Farr <kernel@...rr.cc>, Bill Wendling <morbo@...gle.com>, Kees Cook <kees@...nel.org>, 
	Thorsten Blum <thorsten.blum@...lux.com>, kent.overstreet@...ux.dev, 
	regressions@...ts.linux.dev, linux-bcachefs@...r.kernel.org, 
	linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org, 
	ardb@...nel.org, ojeda@...nel.org
Subject: Re: [REGRESSION][BISECTED] erroneous buffer overflow detected in bch2_xattr_validate

On Fri, Oct 25, 2024 at 3:15 AM Nathan Chancellor <nathan@...nel.org> wrote:
>
> on the official submission.

Same -- please feel free to add:

Reviewed-by: Miguel Ojeda <ojeda@...nel.org>

One nit below that is fine either way:

> > +# clang needs to be at least 19.1.3 to avoid __bdos miscalculations
> > +# https://github.com/llvm/llvm-project/pull/110497
> > +# https://github.com/llvm/llvm-project/pull/112636
> > +# TODO: when gcc 15 is released remove the build test and add gcc version check

I would perhaps move these closer to the respective lines they are
comment on (i.e. `depends on` and `def_bool`).

Thanks!

Cheers,
Miguel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ