Re: Fw: Re: oops in choose_configuration()

From: Chuck Ebbert
Date: Tue Mar 07 2006 - 16:55:40 EST


In-Reply-To: <Pine.LNX.4.64.0603051840280.13139@xxxxxxxxxxx>

On Sun, 5 Mar 2006 19:27:53 -0800, Linus Torvalds wrote:

> So I'd be more inclined to blame a buffer overflow on a kmalloc, and the
> obvious target is the "add_uevent_var()" thing, since all/many of the
> corruptions seem to come from uevent environment variable strings.

At least one subsystem rolls its own method of adding env vars to the
uevent buffer, and it's so broken it triggers the WARN_ON() in
lib/vsprintf.c::vsnprintf() by passing a negative length to that function.
Start at drivers/input/input.c::input_dev_uevent() and watch the fun.

I reported this to linux-kernel, the input maintainer and the author
of that code on Feb. 26:

http://lkml.org/lkml/2006/2/26/39


--
Chuck
"Penguins don't come from next door, they come from the Antarctic!"
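
The message above describes hand-rolled appends to the uevent buffer ending up with a negative length passed to vsnprintf(). The following user-space sketch is an added illustration, not part of the original message and not the code in drivers/input/input.c; `struct env_buf`, `remaining_after_unchecked()` and `env_append()` are hypothetical names, and the unchecked accumulation pattern shown is an assumed way for such a negative length to arise.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a fixed-size env buffer; not kernel code. */
struct env_buf {
    char  *data;
    size_t size;  /* total capacity */
    size_t len;   /* bytes used, counting each string's NUL */
};

/* Size an unchecked "len += snprintf(buf + len, size - len, ...)" loop
 * would pass to the next call. snprintf returns the would-be length,
 * so after a truncation this goes negative. */
static long remaining_after_unchecked(size_t size, const char *const *vars, size_t n)
{
    long len = 0;
    for (size_t i = 0; i < n; i++)
        len += snprintf(NULL, 0, "%s", vars[i]) + 1;
    return (long)size - len;
}

/* Checked append: 0 on success, -1 if the string does not fit.
 * On failure the buffer length is unchanged and the partial write is cut. */
static int env_append(struct env_buf *b, const char *fmt, ...)
{
    va_list ap;
    if (b->len >= b->size)
        return -1;
    size_t room = b->size - b->len;
    va_start(ap, fmt);
    int n = vsnprintf(b->data + b->len, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {
        b->data[b->len] = '\0';
        return -1;
    }
    b->len += (size_t)n + 1;
    return 0;
}

int main(void)
{
    char store[16];
    struct env_buf b = { store, sizeof(store), 0 };
    const char *vars[] = { "A=1", "NAME=much-too-long-value" }; /* constructed */
    printf("unchecked remaining: %ld\n", remaining_after_unchecked(sizeof(store), vars, 2));
    printf("checked first: %d\n", env_append(&b, "%s", vars[0]));
    printf("checked second: %d\n", env_append(&b, "%s", vars[1]));
    return 0;
}
```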
