lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 30 Jul 2021 12:45:59 +0200
From:   Petr Mladek <pmladek@...e.com>
To:     Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc:     Richard Fitzgerald <rf@...nsource.cirrus.com>,
        linux-kernel@...r.kernel.org, Steven Rostedt <rostedt@...dmis.org>,
        Sergey Senozhatsky <senozhatsky@...omium.org>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        kernel test robot <oliver.sang@...el.com>
Subject: Re: [PATCH v1 1/1] lib/test_scanf: Handle n_bits == 0 in random tests

On Tue 2021-07-27 18:01:32, Andy Shevchenko wrote:
> UBSAN reported (via LKP)
> 
> [   11.021349][    T1] UBSAN: shift-out-of-bounds in lib/test_scanf.c:275:51
> [   11.022782][    T1] shift exponent 32 is too large for 32-bit type 'unsigned int'
> 
> When n_bits == 0, the shift is out of range. Switch code to use GENMASK
> to handle this case.
> 
> Fixes: 50f530e176ea ("lib: test_scanf: Add tests for sscanf number conversion")
> Reported-by: kernel test robot <oliver.sang@...el.com>
> Signed-off-by: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>

The patch is committed in linux/printk.git, branch for-5.15.

I would send it for 4.14 if there was another urgent fix needed.
But this one does not look important enough to hurry it up alone.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ