| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <161df39ee89ae640828d3226a8de3d60f786ddd7.camel@sipsolutions.net>
Date: Thu, 09 May 2024 12:52:56 +0200
From: Johannes Berg <johannes@...solutions.net>
To: Jannik Glückert <jannik.glueckert@...il.com>
Cc: Bagas Sanjaya <bagasdotme@...il.com>, Linux Kernel Mailing List
<linux-kernel@...r.kernel.org>, Linux Networking <netdev@...r.kernel.org>,
Linux Wireless <linux-wireless@...r.kernel.org>, Jouni Malinen
<jouni.malinen@...eros.com>, "John W. Linville" <linville@...driver.com>,
Kalle Valo <kvalo@...nel.org>, Emmanuel Grumbach
<emmanuel.grumbach@...el.com>, "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo
Abeni <pabeni@...hat.com>, Sam James <sam@...too.org>
Subject: Re: Fwd: UBSAN: array-index-out-of-bounds in net/wireless/nl80211.c
and net/mac80211/scan.c
On Thu, 2024-05-09 at 12:49 +0200, Jannik Glückert wrote:
>
> > (Seriously. If you're running with bleeding edge toolchains that pretty
> > much nobody has yet, send patches.)
>
> I'm not sure what to make of this - this bug has been around ever
> since the code was added, modern toolchains just happen to be one way
> to expose it.
No, that's incorrect. This is perfectly valid code:
struct x {
int n;
int a[] /* __counted_by(n) */;
};
x = alloc(sizeof(*x) + sizeof(int) * 2);
x->a[0] = 10;
x->a[1] = 20;
x->n = 2;
However, the uncommenting of the __counted_by() annotation will lead to
a complaint.
johannes
Powered by blists - more mailing lists