| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200423154503.5103-4-dja@axtens.net>
Date: Fri, 24 Apr 2020 01:45:03 +1000
From: Daniel Axtens <dja@...ens.net>
To: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
akpm@...ux-foundation.org, kasan-dev@...glegroups.com
Cc: dvyukov@...gle.com, christophe.leroy@....fr,
Daniel Axtens <dja@...ens.net>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Alexander Potapenko <glider@...gle.com>
Subject: [PATCH v3 3/3] kasan: initialise array in kasan_memcmp test
memcmp may bail out before accessing all the memory if the buffers
contain differing bytes. kasan_memcmp calls memcmp with a stack array.
Stack variables are not necessarily initialised (in the absence of a
compiler plugin, at least). Sometimes this causes the memcpy to bail
early thus fail to trigger kasan.
Make sure the array initialised to zero in the code.
No other test is dependent on the contents of an array on the stack.
Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc: Alexander Potapenko <glider@...gle.com>
Cc: Dmitry Vyukov <dvyukov@...gle.com>
Signed-off-by: Daniel Axtens <dja@...ens.net>
Reviewed-by: Dmitry Vyukov <dvyukov@...gle.com>
---
lib/test_kasan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 939f395a5392..7700097842c8 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -638,7 +638,7 @@ static noinline void __init kasan_memcmp(void)
{
char *ptr;
size_t size = 24;
- int arr[9];
+ int arr[9] = {};
pr_info("out-of-bounds in memcmp\n");
ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
--
2.20.1
Powered by blists - more mailing lists