On Mon, Jul 29, 2019 at 2:55 PM Jens Axboe <[email protected]> wrote: > > On 7/29/19 3:47 PM, Kees Cook wrote: > > Jeffrin reported a KASAN issue: > > > > BUG: KASAN: global-out-of-bounds in ata_exec_internal_sg+0x50f/0xc70 > > Read of size 16 at addr ffffffff91f41f80 by task scsi_eh_1/149 > > ... > > The buggy address belongs to the variable: > > cdb.48319+0x0/0x40 > > > > Much like commit 18c9a99bce2a ("libata: zpodd: small read overflow in > > eject_tray()"), this fixes a cdb[] buffer length, this time in > > zpodd_get_mech_type(): > > > > We read from the cdb[] buffer in ata_exec_internal_sg(). It has to be > > ATAPI_CDB_LEN (16) bytes long, but this buffer is only 12 bytes. > > Applied, thanks.
Dropped my reviewed by tag. :( https://lkml.org/lkml/2019/7/22/865 -- Thanks, ~Nick Desaulniers
