Message-ID: <eaea66b9-266a-46e7-980d-33f40ad4b215@sabinyo.mountain>
Date: Wed, 25 Jun 2025 10:22:19 -0500
From: Dan Carpenter <dan.carpenter@...aro.org>
To: thomas.weissschuh@...utronix.de
Cc: John Ogness <john.ogness@...utronix.de>, Kees Cook <kees@...nel.org>,
	linux-hardening@...r.kernel.org
Subject: [bug report] printk: ringbuffer: Add KUnit test

Hello Thomas Weißschuh,

The patch 5ea2bcdfbf46: "printk: ringbuffer: Add KUnit test" from Jun
12, 2025, leads to the following static checker warning:

	kernel/printk/printk_ringbuffer_kunit_test.c:91 prbtest_check_data()
	(unpublished script worries this is an off by one)

kernel/printk/printk_ringbuffer_kunit_test.c
    83 static bool prbtest_check_data(const struct prbtest_rbdata *dat)
    84 {
    85 	unsigned int len;
    86 
    87 	/* Sane length? */
    88 	if (dat->len < 1 || dat->len > MAX_RBDATA_TEXT_SIZE)
    89 		return false;
    90 
--> 91 	if (dat->text[dat->len] != '\0')
    92 		return false;
    93 

My question is that the prbtest_rbdata structure is declared like this:

    53  /* test data structure */
    54  struct prbtest_rbdata {
    55          unsigned int len;
    56          char text[] __counted_by(len);
    57  };

The size of text is not really counted by len, it's "MAX_RBDATA_TEXT_SIZE
+ 1".  The condition "if (dat->text[dat->len] != '\0')" is reading one
element beyond the __counted_by() value so something should complain if
we enable all the debugging, right?

regards,
dan carpenter
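
The mismatch the report asks about, modelled in userspace as an added example (not code from the kernel tree or from this thread). The helper names `make_record()` and `term_check()`, the result enum, and the value of `MAX_RBDATA_TEXT_SIZE` are assumptions made here, and the explicit `d->len >= count` comparison is a hand-written stand-in for the index-below-count rule that a `__counted_by()` annotation declares, not compiler instrumentation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RBDATA_TEXT_SIZE 16	/* constructed value for this example */

enum check_result { CHECK_OK, CHECK_BAD_DATA, CHECK_OUT_OF_BOUNDS };

/* Same layout as the quoted struct; the annotation is modelled by hand. */
struct rbdata {
	unsigned int len;
	char text[];	/* allocated as MAX_RBDATA_TEXT_SIZE + 1 bytes */
};

/* Build a record the way the report describes: len excludes the NUL. */
static struct rbdata *make_record(const char *s)
{
	size_t n = strlen(s);
	struct rbdata *d;

	if (n > MAX_RBDATA_TEXT_SIZE)
		return NULL;
	d = calloc(1, sizeof(*d) + MAX_RBDATA_TEXT_SIZE + 1);
	if (!d)
		return NULL;
	d->len = (unsigned int)n;
	memcpy(d->text, s, n);	/* calloc() already supplied the terminator */
	return d;
}

/* The quoted terminator check; count is the declared size of text[]. */
static enum check_result term_check(const struct rbdata *d, unsigned int count)
{
	if (d->len < 1 || d->len > MAX_RBDATA_TEXT_SIZE)
		return CHECK_BAD_DATA;
	if (d->len >= count)	/* hypothetical stand-in for a bounds check */
		return CHECK_OUT_OF_BOUNDS;
	return d->text[d->len] == '\0' ? CHECK_OK : CHECK_BAD_DATA;
}

int main(void)
{
	struct rbdata *d = make_record("hello");	/* constructed sample */

	if (d)
		printf("count=len: %d, count=len+1: %d\n",
		       term_check(d, d->len), term_check(d, d->len + 1));
	free(d);
	return 0;
}
```

With the count taken as `len`, the terminator index falls outside the declared range even though the allocation holds it; with a count of `len + 1` the same read is inside the range.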
