| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4C0F87E8.8020405@kernel.org> Date: Wed, 09 Jun 2010 14:24:08 +0200 From: Tejun Heo <tj@...nel.org> To: Dan Carpenter <error27@...il.com>, Jeff Garzik <jgarzik@...ox.com>, Robert Hancock <hancockrwd@...il.com>, Vivek Mahajan <vivek.mahajan@...escale.com>, linux-ide@...r.kernel.org, linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org Subject: Re: [patch] sata_sil24: memset() overflow On 06/09/2010 02:01 PM, Dan Carpenter wrote: > cb->atapi.cdb is an array of 16 u8 elements. The call too memset() > would set the first part of the sge array to zero as well. It's not > a packed struct. > > This one has been around for five years. I found it with Smatch. I > think the reason no one has seen it before is because we normally call > sil24_fill_sg() and that overwrites sge with proper information? Yeah, the table is built after the memset so it doesn't really break anything but still where did that 32 come from? :-) > Signed-off-by: Dan Carpenter <error27@...il.com> Acked-by: Tejun Heo <tj@...nel.org> Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists