lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230804133601.40cb5fe9@gandalf.local.home>
Date:   Fri, 4 Aug 2023 13:36:01 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Sven Schnelle <svens@...ux.ibm.com>
Cc:     linux-kernel@...r.kernel.org
Subject: Re: BUG: KASAN: slab-out-of-bounds in print_synth_event+0xa68/0xa78

On Fri, 04 Aug 2023 18:32:48 +0200
Sven Schnelle <svens@...ux.ibm.com> wrote:

> > Can you show where exactly the above line is?  
> 
> It is:
> 
> (gdb) list *(print_synth_event+0xa68)
> 0x5e4f60 is in print_synth_event (/home/svens/ibmgit/linux/kernel/trace/trace_events_synth.c:410).
> 405                             p = (void *)entry + data_offset;
> 406                             end = (void *)p + len - (sizeof(long) - 1);
> 407
> 408                             trace_seq_printf(s, "%s=STACK:\n", se->fields[i]->name);
> 409
> 410                             for (; *p && p < end; p++)

I think that conditional needs to be swapped. Can you test the following
change and see if the problem disappears?

> 411                                     trace_seq_printf(s, "=> %pS\n", (void *)*p);
> 412                             n_u64++;
> 413
> 414                     } else {

-- Steve

diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c
index dd398afc8e25..1e266e6436a0 100644
--- a/kernel/trace/trace_events_synth.c
+++ b/kernel/trace/trace_events_synth.c
@@ -407,7 +407,7 @@ static enum print_line_t print_synth_event(struct trace_iterator *iter,
 
 			trace_seq_printf(s, "%s=STACK:\n", se->fields[i]->name);
 
-			for (; *p && p < end; p++)
+			for (; p < end && *p; p++)
 				trace_seq_printf(s, "=> %pS\n", (void *)*p);
 			n_u64++;
 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ