Message-Id: <20080706133100.8d8ed269.akpm@linux-foundation.org>
Date: Sun, 6 Jul 2008 13:31:00 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Arjan van de Ven <arjan@...radead.org>
Cc: linux-kernel@...r.kernel.org, Al Viro <viro@...IV.linux.org.uk>
Subject: Re: Kernel oops (bug) in fs/buffers.c:create_empty_buffers
On Sun, 6 Jul 2008 13:23:02 -0700 Arjan van de Ven <arjan@...radead.org> wrote:
> Hi,
>
> caught this one on kerneloops.org:
> http://www.kerneloops.org/searchweek.php?search=create_empty_buffers
>
> void create_empty_buffers(struct page *page,
>                           unsigned long blocksize, unsigned long b_state)
> {
>         struct buffer_head *bh, *head, *tail;
>
>         head = alloc_page_buffers(page, blocksize, 1);
>         bh = head;
>         do {
>                 bh->b_state |= b_state;
>                 tail = bh;
>                 bh = bh->b_this_page;
>         } while (bh);
>
>
> turns out, alloc_page_buffers() can fail and return NULL (for AIO for
> example)... yet this code blindly dereferences the result, getting a
> predictable NULL pointer fault.
>
> It's not directly clear what to do about... make this function return
> the failure to the caller?
isofs has a habit of returning impossible block sizes and the

        while ((offset -= size) >= 0) {

consequently loops zero times and alloc_page_buffers() returns null.
Someone was having a look at it - maybe Jan?
I assume that the kerneloops.org records link back to the original
report somewhere but I can't find it?
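As an added illustration (not code from this thread, from fs/buffer.c, or from any patch that followed), the user-space model below reproduces the two mechanics discussed above in a few dozen lines: an allocator shaped like alloc_page_buffers(), whose `while ((offset -= size) >= 0)` loop runs zero times and hands back NULL when the block size exceeds the page size, and a create_empty_buffers()-style caller that checks for that NULL and returns an error instead of dereferencing it. Everything here is a constructed stand-in: the `model_` names, the 4096-byte page constant, the calloc()-backed buffer heads, and the assumption that the real function closes the buffer list into a ring after the loop the quoted excerpt stops at.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for the kernel types; none of this is the real fs/buffer.c. */
#define MODEL_PAGE_SIZE 4096UL

struct model_buffer_head {
    unsigned long b_state;
    struct model_buffer_head *b_this_page;
};

/*
 * Shaped like alloc_page_buffers(): carve `size`-byte buffers from the end of
 * the page backwards. If `size` is larger than the page (an "impossible" block
 * size, as the thread describes isofs producing), the very first
 * (offset -= size) is already negative, the body never executes, and the
 * function returns NULL without ever allocating anything.
 * The cast to long avoids the implementation-defined unsigned->signed wrap
 * that the original expression relies on.
 */
static struct model_buffer_head *model_alloc_page_buffers(unsigned long size)
{
    struct model_buffer_head *head = NULL, *bh;
    long offset = (long)MODEL_PAGE_SIZE;

    while ((offset -= (long)size) >= 0) {
        bh = calloc(1, sizeof(*bh));
        if (!bh)
            goto no_grow;
        bh->b_this_page = head;
        head = bh;
    }
    return head;

no_grow:
    while (head) {
        bh = head;
        head = head->b_this_page;
        free(bh);
    }
    return NULL;
}

/*
 * Hardened version of the quoted loop. The quoted kernel code does
 * `bh = head; do { bh->b_state |= b_state; ... } while (bh);` with no check,
 * so a NULL head is dereferenced on the first iteration. Here the failure is
 * reported to the caller instead, which is the fix Arjan floats in the thread.
 * Returns 0 on success with *out_head set, -1 when no buffers could be made.
 */
static int model_create_empty_buffers(unsigned long blocksize, unsigned long b_state,
                                      struct model_buffer_head **out_head)
{
    struct model_buffer_head *bh, *head, *tail;

    head = model_alloc_page_buffers(blocksize);
    if (!head)
        return -1;          /* the missing check: fail instead of oopsing */

    bh = head;
    do {
        bh->b_state |= b_state;
        tail = bh;
        bh = bh->b_this_page;
    } while (bh);
    tail->b_this_page = head;  /* assumption: the real code closes the ring here */

    *out_head = head;
    return 0;
}

/* Walk the ring once, count the buffers, and free them. */
static unsigned long model_count_and_free(struct model_buffer_head *head)
{
    struct model_buffer_head *bh = head, *next;
    unsigned long n = 0;

    do {
        next = bh->b_this_page;
        free(bh);
        n++;
        bh = next;
    } while (bh != head);
    return n;
}

/* Oversized block: returns 1 if the hardened path reported failure cleanly. */
static int demo_oversized_blocksize(void)
{
    struct model_buffer_head *head = NULL;
    int rc = model_create_empty_buffers(2 * MODEL_PAGE_SIZE, 0x1, &head);
    return rc != 0 && head == NULL;
}

/* Sane block size: returns how many buffers the page was carved into. */
static unsigned long demo_normal_blocksize(unsigned long blocksize)
{
    struct model_buffer_head *head = NULL;
    if (model_create_empty_buffers(blocksize, 0x1, &head) != 0)
        return 0;
    return model_count_and_free(head);
}

int main(void)
{
    printf("8192-byte blocks on a 4096-byte page: %s\n",
           demo_oversized_blocksize() ? "failure returned, no NULL deref" : "unexpected");
    printf("512-byte blocks: %lu buffers\n", demo_normal_blocksize(512));
    return 0;
}
```

Run it and the oversized case reports a clean failure where the quoted code would have faulted; the 512-byte case still yields the eight buffers a 4096-byte page should carry. Whether the real fix belongs in create_empty_buffers() or in stopping isofs from producing the block size in the first place is the open question in the thread; the model only shows why the check at the allocation site is the one that stops the oops.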
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/