| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Jan 2020 17:26:25 +1100
From: Daniel Axtens <dja@...ens.net>
To: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
kasan-dev@...glegroups.com
Cc: linuxppc-dev@...ts.ozlabs.org,
linux-arm-kernel@...ts.infradead.org, linux-s390@...r.kernel.org,
linux-xtensa@...ux-xtensa.org, x86@...nel.org, dvyukov@...gle.com,
christophe.leroy@....fr, Daniel Axtens <dja@...ens.net>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Alexander Potapenko <glider@...gle.com>
Subject: [PATCH v2 3/3] kasan: initialise array in kasan_memcmp test
memcmp may bail out before accessing all the memory if the buffers
contain differing bytes. kasan_memcmp calls memcmp with a stack array.
Stack variables are not necessarily initialised (in the absence of a
compiler plugin, at least). Sometimes this causes the memcpy to bail
early thus fail to trigger kasan.
Make sure the array initialised to zero in the code.
No other test is dependent on the contents of an array on the stack.
Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc: Alexander Potapenko <glider@...gle.com>
Cc: Dmitry Vyukov <dvyukov@...gle.com>
Signed-off-by: Daniel Axtens <dja@...ens.net>
---
lib/test_kasan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index a130d75b9385..519b0f259e97 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -619,7 +619,7 @@ static noinline void __init kasan_memcmp(void)
{
char *ptr;
size_t size = 24;
- int arr[9];
+ int arr[9] = {};
pr_info("out-of-bounds in memcmp\n");
ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
--
2.20.1
Powered by blists - more mailing lists