lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <67355e51.050a0220.1324f8.008d.GAE@google.com>
Date: Wed, 13 Nov 2024 18:20:01 -0800
From: syzbot <syzbot+3fa2af55f15bd21cada9@...kaller.appspotmail.com>
To: xiaopei01@...inos.cn
Cc: 67321ded.050a0220.a83d0.0016.gae@...gle.com, linux-kernel@...r.kernel.org, 
	xiaopei01@...inos.cn, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [input?] [usb?] UBSAN: shift-out-of-bounds in s32ton

> s32ton always be 0 when n>=32,add check n.
>
> #syz test

This crash does not have a reproducer. I cannot test it.

>
> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
> index 81d6c734c8bc..ead1d338fa58 100644
> --- a/drivers/hid/hid-core.c
> +++ b/drivers/hid/hid-core.c
> @@ -66,8 +66,11 @@ static s32 snto32(__u32 value, unsigned int n)
>
>   static u32 s32ton(__s32 value, unsigned int n)
>   {
> -       s32 a = value >> (n - 1);
> +       s32 a;
>
> +       if (n >= 32)
> +               return value;
> +       a = value >> (n - 1);
>          if (a && a != -1)
>                  return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
>          return value & ((1 << n) - 1);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ