| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFhGd8pQKE_uak2gqUXjbQy4LCGoJqVD2XCZrOC606u-tzS0mg@mail.gmail.com> Date: Fri, 17 May 2024 13:40:59 -0700 From: Justin Stitt <justinstitt@...gle.com> To: Matthew Wilcox <willy@...radead.org> Cc: Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, Nick Desaulniers <ndesaulniers@...gle.com>, Nathan Chancellor <nathan@...nel.org>, Alexander Viro <viro@...iv.linux.org.uk>, Bill Wendling <morbo@...gle.com>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, llvm@...ts.linux.dev, linux-hardening@...r.kernel.org Subject: Re: [PATCH v3] fs: fix unintentional arithmetic wraparound in offset calculation Hi, On Thu, May 16, 2024 at 6:13 PM Matthew Wilcox <willy@...radead.org> wrote: > > On Fri, May 17, 2024 at 12:29:06AM +0000, Justin Stitt wrote: > > When running syzkaller with the newly reintroduced signed integer > > overflow sanitizer we encounter this report: > > why do you keep saying it's unintentional? it's clearly intended. Right, "unintentional" is a poor choice of phrasing. I actually mean: "overflow-checking arithmetic was done in a way that intrinsically causes an overflow (wraparound)". I can clearly see the intent of the code; there's even comments saying exactly what it does: "/* Ensure offsets don't wrap. */"... So the thinking is: let's use the overflow-checking helpers so we can get a good signal through the sanitizers on _real_ bugs, especially in spots with no bounds handling. Thanks Justin
Powered by blists - more mailing lists