| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190114184741.GF17906@uranus.lan> Date: Mon, 14 Jan 2019 21:47:41 +0300 From: Cyrill Gorcunov <gorcunov@...il.com> To: Matthew Wilcox <willy@...radead.org> Cc: LKML <linux-kernel@...r.kernel.org> Subject: [PATCH]: xarray: Fix potential out of bounds access Since the mark is used as an array index we should use preincrement to not access the XA_MARK_MAX index. Cc: Matthew Wilcox <willy@...radead.org> Signed-off-by: Cyrill Gorcunov <gorcunov@...il.com> --- Matthew, take a look please, I suspect we may access the mark index out of allocated one. Compile tested only. It comes from 58d6ea3085f2e53714810a513c61629f6d2be0a6 lib/xarray.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: linux-next.git/lib/xarray.c =================================================================== --- linux-next.git.orig/lib/xarray.c +++ linux-next.git/lib/xarray.c @@ -129,7 +129,7 @@ static void xas_squash_marks(const struc continue; __set_bit(xas->xa_offset, marks); bitmap_clear(marks, xas->xa_offset + 1, xas->xa_sibs); - } while (mark++ != (__force unsigned)XA_MARK_MAX); + } while (++mark != (__force unsigned)XA_MARK_MAX); } /* extracts the offset within this node from the index */
Powered by blists - more mailing lists