| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1338220845-25082-1-git-send-email-levinsasha928@gmail.com> Date: Mon, 28 May 2012 18:00:45 +0200 From: Sasha Levin <levinsasha928@...il.com> To: davem@...emloft.net, ericvh@...il.com, aneesh.kumar@...ux.vnet.ibm.com, jvrao@...ux.vnet.ibm.com Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Sasha Levin <levinsasha928@...il.com> Subject: [PATCH] 9p: BUG before corrupting memory The BUG_ON() in pack_sg_list() would get triggered only one time after we've corrupted some memory by sg_set_buf() into an invalid sg buffer. I'm still working on figuring out why I manage to trigger that bug... Signed-off-by: Sasha Levin <levinsasha928@...il.com> --- net/9p/trans_virtio.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c index 5af18d1..2fd7305 100644 --- a/net/9p/trans_virtio.c +++ b/net/9p/trans_virtio.c @@ -192,10 +192,10 @@ static int pack_sg_list(struct scatterlist *sg, int start, s = rest_of_page(data); if (s > count) s = count; + BUG_ON(index >= limit); sg_set_buf(&sg[index++], data, s); count -= s; data += s; - BUG_ON(index > limit); } return index-start; -- 1.7.8.6 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists