| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Jul 2019 23:14:04 +0530
From: Jeffrin Thalakkottoor <jeffrin@...agiritech.edu.in>
To: rostedt@...dmis.org, andriy.shevchenko@...ux.intel.com,
alexander.shishkin@...ux.intel.com, tobin@...nel.org,
ndesaulniers@...gle.com
Cc: lkml <linux-kernel@...r.kernel.org>
Subject: BUG: KASAN: global-out-of-bounds in ata_exec_internal_sg+0x50f/0xc70
hello all ,
i encountered a KASAN bug related . here are some related information...
-------------------x-----------------------------x------------------
[ 30.037312] BUG: KASAN: global-out-of-bounds in
ata_exec_internal_sg+0x50f/0xc70
[ 30.037447] Read of size 16 at addr ffffffff91f41f80 by task scsi_eh_1/149
[ 30.039935] The buggy address belongs to the variable:
[ 30.040059] cdb.48319+0x0/0x40
[ 30.040241] Memory state around the buggy address:
[ 30.040362] ffffffff91f41e80: fa fa fa fa 00 00 fa fa fa fa fa fa
00 00 07 fa
[ 30.040498] ffffffff91f41f00: fa fa fa fa 00 00 00 00 00 00 00 03
fa fa fa fa
[ 30.040628] >ffffffff91f41f80: 00 04 fa fa fa fa fa fa 00 00 fa fa
fa fa fa fa
[ 30.040755] ^
[ 30.040868] ffffffff91f42000: 00 00 00 04 fa fa fa fa 00 fa fa fa
fa fa fa fa
[ 30.041003] ffffffff91f42080: 04 fa fa fa fa fa fa fa 00 04 fa fa
fa fa fa fa
---------------------------x--------------------------x----------------
$uname -a
Linux debian 5.2.0-rc7+ #4 SMP Tue Jul 9 02:54:07 IST 2019 x86_64 GNU/Linux
$
--------------------x----------------------------x---------------------------
(gdb) l *ata_exec_internal_sg+0x50f
0xffffffff81c7b59f is in ata_exec_internal_sg (./include/linux/string.h:359).
354 if (q_size < size)
355 __read_overflow2();
356 }
357 if (p_size < size || q_size < size)
358 fortify_panic(__func__);
359 return __builtin_memcpy(p, q, size);
360 }
361
362 __FORTIFY_INLINE void *memmove(void *p, const void *q, __kernel_size_t size)
363 {
(gdb)
--------------------------x--------------------------
GNU Make 4.2.1
Binutils 2.31.1
Util-linux 2.33.1
Mount 2.33.1
Linux C Library 2.28
Dynamic linker (ldd) 2.28
Procps 3.3.15
Kbd 2.0.4
Console-tools 2.0.4
Sh-utils 8.30
Udev 241
---------------------x--------------------------------x
Thread model: posix
gcc version 8.3.0 (Debian 8.3.0-7)
---------------------x--------------------------------x
Please ask if more information is needed.
--
software engineer
rajagiri school of engineering and technology
Powered by blists - more mailing lists