Message-ID: <CAM6JnLdrzCPOYyfTdmriFo7cRaGM4p2OEPd_0MHa3_WemamffA@mail.gmail.com>
Date: Mon, 4 Nov 2019 08:15:18 -0800
From: Or Cohen <orcohen@...oaltonetworks.com>
To: Nicolas Pitre <nico@...xnic.net>
Cc: Greg KH <gregkh@...uxfoundation.org>, jslaby@...e.com,
textshell@...uujin.de, Daniel Vetter <daniel.vetter@...ll.ch>,
sam@...nborg.org, mpatocka@...hat.com, ghalat@...hat.com,
linux-kernel@...r.kernel.org, jwilk@...lk.net,
Nadav Markus <nmarkus@...oaltonetworks.com>,
syzkaller@...glegroups.com
Subject: Re: Bug report - slab-out-of-bounds in vcs_scr_readw

@gregkh@...uxfoundation.org @nico@...xnic.net - Thanks for the quick response.

@gregkh@...uxfoundation.org - Regarding your question, I don't think
the 1 byte buffer is related to the problem (it was just there in
the initial reproducer the fuzzer created, and I forgot to remove it
while reducing code from the reproducer).

I think the problem is related to the huge size argument, which
influences the initialization of "this_round".

On Mon, Nov 4, 2019 at 7:50 AM Nicolas Pitre <nico@...xnic.net> wrote:
>
> On Mon, 4 Nov 2019, Greg KH wrote:
>
> > On Mon, Nov 04, 2019 at 04:39:55AM -0800, Or Cohen wrote:
> > > Hi,
> > > I discovered an OOB access bug using Syzkaller and decided to report it,
> > > as I could not find a similar report in syzkaller mailing list,
> > > syzkaller-bugs mailing list
> [...]
> >
> > I am at another conference at the moment and can't look at this much
> > now, will try to later this week...
>
> I'll look into it now.
>
>
> Nicolas