| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <68835b3b.a00a0220.2f88df.0044.GAE@google.com>
Date: Fri, 25 Jul 2025 03:23:55 -0700
From: syzbot <syzbot+fb4362a104d45ab09cf9@...kaller.appspotmail.com>
To: abbotti@....co.uk
Cc: abbotti@....co.uk, linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [kernel?] KMSAN: kernel-infoleak in do_insnlist_ioctl
> #syz test
This crash does not have a reproducer. I cannot test it.
>
> diff --git a/drivers/comedi/comedi_fops.c b/drivers/comedi/comedi_fops.c
> index 23b7178522ae..360fde417016 100644
> --- a/drivers/comedi/comedi_fops.c
> +++ b/drivers/comedi/comedi_fops.c
> @@ -1587,6 +1587,10 @@ static int do_insnlist_ioctl(struct comedi_device *dev,
> memset(&data[n], 0, (MIN_SAMPLES - n) *
> sizeof(unsigned int));
> }
> + } else {
> + unsigned int n_min = max(n, (unsigned int)MIN_SAMPLES);
> +
> + memset(data, 0, n_min * sizeof(unsigned int));
> }
> ret = parse_insn(dev, insns + i, data, file);
> if (ret < 0)
> @@ -1670,6 +1674,8 @@ static int do_insn_ioctl(struct comedi_device *dev,
> memset(&data[insn->n], 0,
> (MIN_SAMPLES - insn->n) * sizeof(unsigned int));
> }
> + } else {
> + memset(data, 0, n_data * sizeof(unsigned int));
> }
> ret = parse_insn(dev, insn, data, file);
> if (ret < 0)
Powered by blists - more mailing lists