| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <baf121ae-a5a4-47a3-bc3a-9255708009b9@selasky.org>
Date: Mon, 12 Sep 2022 14:36:12 +0200
From: Hans Petter Selasky <hps@...asky.org>
To: 유용수 <yongsuyoo0215@...il.com>,
Kieran Bingham <kieran.bingham@...asonboard.com>,
linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
mchehab@...nel.org
Cc: 0215yys@...mail.net
Subject: Re: [PATCH] media: dvb_ringbuffer : Fix a bug in dvb_ringbuffer.c
Hi Mauro and YongSu,
Answering my own question: The reason nobody has triggered this yet, is
because the buffer size used is power of two. Because unsigned modulus
is used, the result becomes correct. See below. But if non-power of two
ring-buffer is used, then the result becomes incorrect. There is no
block for non-power of two sized buffers. See:
https://github.com/search?q=dvb_set_pesfilter&type=code
cat << EOF > testX.c
#include <stdio.h>
int
main()
{
int consumed_old;
int consumed_fix;
size_t idx = 3;
ssize_t pread = 15;
ssize_t size = 256;
consumed_old = (idx - pread) % size;
consumed_fix = (idx - pread);
if (consumed_fix < 0)
consumed_fix += size;
printf("old=%d new=%d size=%zd\n", consumed_old, consumed_fix, size);
size = 254;
consumed_old = (idx - pread) % size;
consumed_fix = (idx - pread);
if (consumed_fix < 0)
consumed_fix += size;
printf("old=%d new=%d size=%zd\n", consumed_old, consumed_fix, size);
return (0);
}
EOF
cc testX.c && ./a.out
old=244 new=244 size=256
old=244 new=242 size=254
So either push the suggested fix, or block non-power of two buffer sizes!
Best regards,
--HPS
Powered by blists - more mailing lists