| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4D3E0BAE.6090202@lougher.demon.co.uk>
Date: Mon, 24 Jan 2011 23:30:54 +0000
From: Phillip Lougher <phillip@...gher.demon.co.uk>
To: Andrew Morton <akpm@...ux-foundation.org>
CC: Jesper Juhl <jj@...osbits.net>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] SquashFS, XZ: Don't use uninitialized variable in squashfs_xz_uncompress
On 24/01/11 22:43, Andrew Morton wrote:
> On Thu, 20 Jan 2011 21:53:23 +0100 (CET)
> Jesper Juhl<jj@...osbits.net> wrote:
>
>> In fs/squashfs/xz_wrapper.c::squashfs_xz_uncompress() we have this code:
>>
>> enum xz_ret xz_err;
>> ...
>> do {
>> if (stream->buf.in_pos == stream->buf.in_size&& k< b) {
>> ... [nothing that assigns to 'xz_err'] ...
>> if (avail == 0) {
>> offset = 0;
>> put_bh(bh[k++]);
>> continue;
>
> hm, maybe. The handling of the `avail == 0' case looks odd. It sits
> there in a loop doing wait_on_buffer() against buffers which it will
> never use and possible reporting -EIO for a buffer which it didn't use,
> which seems bogus.
Hi Andrew,
I'm just about to send out a patch that fixes this uninitialised variable
bug by way of getting rid of that if (avail == 0) case.
The avail == 0 case is a workaround for the fact that the caller code
can occasionally pass a buffer head that has already been
consumed (read offset into buffer head is at the end of the buffer).
Phillip
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists