Re: [V9fs-developer] [PATCH] Integer underflow in pdu_read()

From: Al Viro
Date: Mon Jul 09 2018 - 15:32:07 EST


On Mon, Jul 09, 2018 at 09:26:51PM +0200, Tomas Bortoli wrote:
> The pdu_read() function suffers from an integer underflow.
> When pdu->offset is greater than pdu->size, the length calculation will have
> a wrong result, resulting in an out-of-bounds read.
> This patch also modifies pdu_write() in the same way to prevent the same
> issue from happening there and for consistency.

What does cause the calls of pdu_read() in such conditions and shouldn't *that*
be dealt with?
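The underflow described in the quoted patch summary, modelled as an added example that is not the kernel's net/9p code and not the patch itself: a constructed `struct pdu` with a `size` and an `offset` cursor, a `MIN` macro, and the function names `naive_remaining`, `safe_remaining`, `pdu_read_checked` and `naive_would_overread` are all assumptions made for illustration. It shows why an unsigned `size - offset` wraps when `offset > size`, so `MIN()` hands back the caller's full request and the subsequent copy runs past the valid data, and it shows the guard that clamps the remaining length to zero in that state. The guard only stops the over-read; it does not answer the question raised in the reply above about what drives `offset` past `size` in the first place, which is why the example also reports the inconsistent state rather than silently tolerating it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a 9p protocol data unit: a buffer, the number of
 * valid bytes in it, and a read/write cursor. This is not the kernel's struct. */
struct pdu {
    size_t size;        /* bytes of sdata that hold valid data */
    size_t offset;      /* cursor of the next read/write */
    uint8_t sdata[32];  /* constructed payload buffer */
};

#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* The unguarded length computation. When offset > size the subtraction of two
 * size_t values wraps to a huge number, MIN() therefore returns the caller's
 * request unchanged, and a memcpy() of that length would read beyond sdata. */
static size_t naive_remaining(const struct pdu *p, size_t want)
{
    return MIN(p->size - p->offset, want);
}

/* Guarded length: a cursor that is already past the end means nothing is
 * left to read, so the wrap can never happen. */
static size_t safe_remaining(const struct pdu *p, size_t want)
{
    if (p->offset > p->size)
        return 0;
    return MIN(p->size - p->offset, want);
}

/* Reports (1/0) whether the unguarded length would make a copy overrun the
 * valid data for this pdu and request size. */
static int naive_would_overread(const struct pdu *p, size_t want)
{
    size_t len = naive_remaining(p, want);
    /* overrun if the copy end passes size, or if offset + len itself wraps */
    return (p->offset + len > p->size) || (p->offset + len < p->offset);
}

/* Bounded read using the guarded length. Returns the number of requested
 * bytes that could NOT be supplied (0 means the request was fully served). */
static size_t pdu_read_checked(struct pdu *p, void *data, size_t size)
{
    size_t len = safe_remaining(p, size);

    if (p->offset > p->size)
        fprintf(stderr, "pdu cursor %zu beyond size %zu: refusing to read\n",
                p->offset, p->size);
    memcpy(data, &p->sdata[p->offset], len);
    p->offset += len;
    return size - len;
}

int main(void)
{
    struct pdu bad = { .size = 16, .offset = 20 };  /* inconsistent cursor */
    struct pdu ok = { .size = 16, .offset = 8 };    /* healthy cursor */
    uint8_t buf[8];
    size_t i;

    for (i = 0; i < sizeof(ok.sdata); i++)
        ok.sdata[i] = (uint8_t)i;

    printf("naive length for the bad pdu: %zu (overread=%d)\n",
           naive_remaining(&bad, sizeof(buf)), naive_would_overread(&bad, sizeof(buf)));
    printf("guarded length for the bad pdu: %zu\n", safe_remaining(&bad, sizeof(buf)));
    printf("unserved bytes on bad pdu: %zu\n", pdu_read_checked(&bad, buf, sizeof(buf)));
    printf("unserved bytes on ok pdu: %zu, first byte %u\n",
           pdu_read_checked(&ok, buf, sizeof(buf)), buf[0]);
    return 0;
}
```

Reading the two cases side by side: for the inconsistent pdu the unguarded length equals the whole request (8) and the overrun check fires, while the guarded path returns 0 bytes and leaves the cursor where it was; for the healthy pdu both computations agree, so the guard changes nothing on the normal path.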