| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8c5668e9-728e-4223-ad74-232f6ece931f@cosmicgizmosystems.com> Date: Wed, 19 Mar 2025 21:36:47 -0700 From: Terry Junge <linuxhid@...micgizmosystems.com> To: Alan Stern <stern@...land.harvard.edu>, Strforexc yn <strforexc@...il.com> Cc: Jiri Kosina <jikos@...nel.org>, Benjamin Tissoires <bentiss@...nel.org>, Nikita Zhandarovich <n.zhandarovich@...tech.ru>, linux-usb@...r.kernel.org, linux-input@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [BUG] UBSAN: Array-Index-Out-of-Bounds in usbhid_parse (HID) on 6.14.0-rc4 On 3/4/25 7:14 AM, Alan Stern wrote: > On Tue, Mar 04, 2025 at 10:21:03AM +0800, Strforexc yn wrote: >> I hadn’t come across this patch earlier—thanks for sharing it! After >> reviewing it, I can see that it addresses the UBSAN >> array-index-out-of-bounds issue >> >> Alan Stern <stern@...land.harvard.edu> 于2025年3月4日周二 00:02写道: >>> Have you seen this patch or tried to test it? >>> >>> https://lore.kernel.org/linux-usb/20250131151600.410242-1-n.zhandarovich@fintech.ru/ > > You might want to work with Nikita on testing, improving, or > resubmitting the patch, because it hasn't been merged into the kernel > yet (as far as I know). > > Alan Stern > You may also want to try this patch that addresses the same issue by eliminating the for loop. https://lore.kernel.org/linux-input/20250312222333.2296363-1-linuxhid@cosmicgizmosystems.com/ Terry Junge
Powered by blists - more mailing lists