| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160721211714.GE23759@htj.duckdns.org> Date: Thu, 21 Jul 2016 17:17:14 -0400 From: Tejun Heo <tj@...nel.org> To: tom.ty89@...il.com Cc: hare@...e.de, sergei.shtylyov@...entembedded.com, arnd@...db.de, sfr@...b.auug.org.au, linux-ide@...r.kernel.org, linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org, linux-next@...r.kernel.org Subject: Re: [PATCH resend 3/5] libata-scsi: fix overflow in mode page copy Hello, On Fri, Jul 22, 2016 at 02:41:52AM +0800, tom.ty89@...il.com wrote: > From: Tom Yan <tom.ty89@...il.com> > > ata_mselect_*() would initialize a char array for storing a copy of > the current mode page. However, if char was actually signed char, > overflow could occur. Do you mean sign extension? > For example, `0xff` from def_control_mpage[] would be "truncated" > to `-1`. This prevented ata_mselect_control() from working at all, > since when it did the read-only bits check, there would always be > a mismatch. Heh, the description doesn't really make sense. Are you talking about something like the following? char ar[N]; int i; i = ar[x]; if (i == 0xff) asdf; If so, the description isn't quite right. Thanks. -- tejun
Powered by blists - more mailing lists