| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bd95f568-a4cd-6ffa-9260-fa261f40f252@omp.ru> Date: Mon, 12 Aug 2024 12:54:40 +0300 From: Sergey Shtylyov <s.shtylyov@....ru> To: Roman Smirnov <r.smirnov@....ru>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Breno Leitao <leitao@...ian.org> CC: <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>, Karina Yankevich <k.yankevich@....ru>, <lvc-project@...uxtesting.org> Subject: Re: [PATCH] drivers: net: bsd_comp: fix integer overflow in bsd_decompress() On 8/12/24 12:41 PM, Sergey Shtylyov wrote: [...] > On 8/12/24 11:43 AM, Roman Smirnov wrote: > >> The result of a bit shift has type int. > > So far, so good... :-) > >> If ibuf is greater than or > > *ibuf maybe? :-) > >> equal to 128, a sign switch will occur. > > I wonder whether you had looked at the .lsy file before writing > that... > Actually, movzvl (%rdi),%eax is used when reading *buf, so no It was movzbl, of course... > sign extension occurs at this point... it occurs when casting the > result of shift to *unsignjed long* ... before ORing with accm. [...] MBR, Sergey
Powered by blists - more mailing lists