| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9c03a5f4-865b-000e-0206-9e01f876261a@gmail.com>
Date: Thu, 12 Aug 2021 15:35:53 +0800
From: Tuo Li <islituo@...il.com>
To: "Dalessandro, Dennis" <dennis.dalessandro@...nelisnetworks.com>,
mike.marciniszyn@...nelisnetworks.com, dledford@...hat.com,
"jgg@...pe.ca" <jgg@...pe.ca>
Cc: linux-rdma@...r.kernel.org,
Linux Kernel <linux-kernel@...r.kernel.org>,
"baijiaju1990@...il.com" <baijiaju1990@...il.com>
Subject: [BUG] RDMA/hw/qib/qib_iba6120: possible buffer underflow in
rcvctrl_6120_mod()
Hello,
Our static analysis tool reports a possible buffer underflow in
qib_iba6120.c in Linux 5.14.0-rc3:
The variable ctxt is checked in:
2110: if (ctxt < 0)
This indicates that ctxt can be negative.
If so, possible buffer underflows will occur:
2120: qib_write_kreg_ctxt(dd, kr_rcvhdrtailaddr, ctxt,
dd->rcd[ctxt]->rcvhdrqtailaddr_phys);
2122: qib_write_kreg_ctxt(dd, kr_rcvhdraddr, ctxt,
dd->rcd[ctxt]->rcvhdrq_phys);
However, I am not sure whether ctxt < 0 and op & QIB_RCVCTRL_CTXT_ENB
can be true at the same time.
Any feedback would be appreciated, thanks!
Reported-by: TOTE Robot <oslab@...nghua.edu.cn>
Best wishes,
Tuo Li
Powered by blists - more mailing lists