Date:	Mon, 7 Jan 2013 13:23:41 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Lin Feng <linfeng@...fujitsu.com>
Cc:	tj@...nel.org, mingo@...nel.org, yinghai@...nel.org,
	liwanp@...ux.vnet.ibm.com, benh@...nel.crashing.org,
	tangchen@...fujitsu.com, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] mm: memblock: fix wrong memmove size in
 memblock_merge_regions()

On Mon, 7 Jan 2013 11:41:36 +0800
Lin Feng <linfeng@...fujitsu.com> wrote:

> The memmove span covers from (next+1) to the end of the array, and the index
> of next is (i+1), so the index of (next+1) is (i+2). So the size of remaining
> array elements is (type->cnt - (i + 2)).

What are the user-visible effects of this bug?

> --- a/mm/memblock.c
> +++ b/mm/memblock.c
> @@ -314,7 +314,8 @@ static void __init_memblock memblock_merge_regions(struct memblock_type *type)
>  		}
>  
>  		this->size += next->size;
> -		memmove(next, next + 1, (type->cnt - (i + 1)) * sizeof(*next));
> +		/* move forward from next + 1, index of which is i + 2 */
> +		memmove(next, next + 1, (type->cnt - (i + 2)) * sizeof(*next));
>  		type->cnt--;
>  	}
>  }
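
Review bot: the new comment above the memmove gives the index of next + 1 but not the reason for the count, and the changelog does not say what the old length did. With (type->cnt - (i + 1)) the copy takes one element more than remains after next, so its source span ends at index type->cnt, one slot past the last valid region. Suggest stating that in the changelog, along with whether that slot can lie outside the regions array (not visible from this hunk), and wording the comment around the element count, e.g. "regions remaining after next: type->cnt - (i + 2)".
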
> -- 
> 1.7.11.7