Date: Wed, 10 Jul 2019 23:14:04 +0530
From: Jeffrin Thalakkottoor <jeffrin@...agiritech.edu.in>
To: rostedt@...dmis.org, andriy.shevchenko@...ux.intel.com, alexander.shishkin@...ux.intel.com, tobin@...nel.org, ndesaulniers@...gle.com
Cc: lkml <linux-kernel@...r.kernel.org>
Subject: BUG: KASAN: global-out-of-bounds in ata_exec_internal_sg+0x50f/0xc70

hello all,

I encountered a KASAN-related bug. Here is some related information...

-------------------x-----------------------------x------------------
[ 30.037312] BUG: KASAN: global-out-of-bounds in ata_exec_internal_sg+0x50f/0xc70
[ 30.037447] Read of size 16 at addr ffffffff91f41f80 by task scsi_eh_1/149
[ 30.039935] The buggy address belongs to the variable:
[ 30.040059] cdb.48319+0x0/0x40
[ 30.040241] Memory state around the buggy address:
[ 30.040362]  ffffffff91f41e80: fa fa fa fa 00 00 fa fa fa fa fa fa 00 00 07 fa
[ 30.040498]  ffffffff91f41f00: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa
[ 30.040628] >ffffffff91f41f80: 00 04 fa fa fa fa fa fa 00 00 fa fa fa fa fa fa
[ 30.040755]                    ^
[ 30.040868]  ffffffff91f42000: 00 00 00 04 fa fa fa fa 00 fa fa fa fa fa fa fa
[ 30.041003]  ffffffff91f42080: 04 fa fa fa fa fa fa fa 00 04 fa fa fa fa fa fa
---------------------------x--------------------------x----------------
$uname -a
Linux debian 5.2.0-rc7+ #4 SMP Tue Jul 9 02:54:07 IST 2019 x86_64 GNU/Linux
$
--------------------x----------------------------x---------------------------
(gdb) l *ata_exec_internal_sg+0x50f
0xffffffff81c7b59f is in ata_exec_internal_sg (./include/linux/string.h:359).
354                     if (q_size < size)
355                             __read_overflow2();
356             }
357             if (p_size < size || q_size < size)
358                     fortify_panic(__func__);
359             return __builtin_memcpy(p, q, size);
360     }
361
362     __FORTIFY_INLINE void *memmove(void *p, const void *q, __kernel_size_t size)
363     {
(gdb)
--------------------------x--------------------------
GNU Make                4.2.1
Binutils                2.31.1
Util-linux              2.33.1
Mount                   2.33.1
Linux C Library         2.28
Dynamic linker (ldd)    2.28
Procps                  3.3.15
Kbd                     2.0.4
Console-tools           2.0.4
Sh-utils                8.30
Udev                    241
---------------------x--------------------------------x
Thread model: posix
gcc version 8.3.0 (Debian 8.3.0-7)
---------------------x--------------------------------x

Please ask if more information is needed.

-- 
software engineer
rajagiri school of engineering and technology
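Added example, not part of the original message: a small decoder for the "Memory state around the buggy address" rows of the report above, used to work out how much of the 16-byte read is addressable. It assumes generic KASAN shadow encoding (one shadow byte per 8 bytes of memory; 00 = all 8 bytes valid, 01-07 = first N bytes valid) and treats every other value, such as the fa bytes here, as poisoned; the function names are illustrative.

```python
import re

GRANULE = 8  # assumption: generic KASAN, one shadow byte covers 8 bytes of memory

# Constructed sample: two shadow rows copied from the report (timestamps dropped).
SAMPLE_ROWS = """\
 ffffffff91f41f00: fa fa fa fa 00 00 00 00 00 00 00 03 fa fa fa fa
>ffffffff91f41f80: 00 04 fa fa fa fa fa fa 00 00 fa fa fa fa fa fa
"""

ROW_RE = re.compile(r">?\s*([0-9a-f]{16}):((?:[ \t][0-9a-f]{2})+)")


def parse_shadow(text):
    """Map the start address of each 8-byte granule to its shadow byte."""
    shadow = {}
    for m in ROW_RE.finditer(text):
        base = int(m.group(1), 16)
        for i, byte in enumerate(m.group(2).split()):
            shadow[base + i * GRANULE] = int(byte, 16)
    return shadow


def valid_bytes(value):
    """Addressable bytes at the start of a granule with this shadow value."""
    if value == 0:
        return GRANULE
    if 1 <= value < GRANULE:
        return value
    return 0  # redzone or other poisoned state (0xfa in this report)


def check_access(shadow, addr, size):
    """Return (bytes addressable from addr, first poisoned address or None)."""
    ok = 0
    while ok < size:
        cur = addr + ok
        granule = cur & ~(GRANULE - 1)
        limit = granule + valid_bytes(shadow[granule])
        if cur >= limit:
            return ok, cur
        ok += min(limit - cur, size - ok)
    return ok, None


if __name__ == "__main__":
    shadow = parse_shadow(SAMPLE_ROWS)
    ok, bad = check_access(shadow, 0xFFFFFFFF91F41F80, 16)
    print(f"addressable: {ok} of 16 bytes, first poisoned byte at {bad:#x}")
```

For the flagged row (shadow bytes 00 04), only 12 of the 16 bytes read at ffffffff91f41f80 are addressable, so the read runs 4 bytes into the redzone.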