| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 04 Dec 2019 15:50:58 +0100
From: Takashi Iwai <tiwai@...e.de>
To: syzbot <syzbot+f153bde47a62e0b05f83@...kaller.appspotmail.com>
Cc: alsa-devel@...a-project.org, linux-kernel@...r.kernel.org,
perex@...ex.cz, syzkaller-bugs@...glegroups.com, tiwai@...e.com
Subject: Re: KASAN: slab-out-of-bounds Read in linear_transfer (3)
On Wed, 04 Dec 2019 09:25:09 +0100,
syzbot wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 76bb8b05 Merge tag 'kbuild-v5.5' of git://git.kernel.org/p..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1416a90ee00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=dd226651cb0f364b
> dashboard link: https://syzkaller.appspot.com/bug?extid=f153bde47a62e0b05f83
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10fe9e41e00000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1522042ae00000
>
> The bug was bisected to:
>
> commit 65766ee0bf7fe8b3be80e2e1c3ef54ad59b29476
> Author: Takashi Iwai <tiwai@...e.de>
> Date: Fri Nov 9 10:59:45 2018 +0000
>
> ALSA: oss: Use kvzalloc() for local buffer allocations
FYI, this bisection result is bogus; before this commit, the buffer
was allocated via vmalloc and KASAN check was skipped. Now with
kvmalloc(), it goes with kmalloc which has a proper check, and the
problem surfaced since this commit.
The real culprit is a potential buffer overflow in the OSS plugin
chain. I submitted the fix patch now.
Takashi
Powered by blists - more mailing lists