On Mon, Jul 29, 2019 at 2:55 PM Jens Axboe <[email protected]> wrote:
>
> On 7/29/19 3:47 PM, Kees Cook wrote:
> > Jeffrin reported a KASAN issue:
> >
> >    BUG: KASAN: global-out-of-bounds in ata_exec_internal_sg+0x50f/0xc70
> >    Read of size 16 at addr ffffffff91f41f80 by task scsi_eh_1/149
> >    ...
> >    The buggy address belongs to the variable:
> >      cdb.48319+0x0/0x40
> >
> > Much like commit 18c9a99bce2a ("libata: zpodd: small read overflow in
> > eject_tray()"), this fixes a cdb[] buffer length, this time in
> > zpodd_get_mech_type():
> >
> > We read from the cdb[] buffer in ata_exec_internal_sg(). It has to be
> > ATAPI_CDB_LEN (16) bytes long, but this buffer is only 12 bytes.
>
> Applied, thanks.

Dropped my reviewed by tag. :(
https://lkml.org/lkml/2019/7/22/865
-- 
Thanks,
~Nick Desaulniers

Reply via email to