Re: 6pack: stack-out-of-bounds in sixpack_receive_buf

2016-09-05 Thread Dmitry Vyukov
On Mon, Sep 5, 2016 at 7:49 PM, One Thousand Gnomes wrote:
>> different runs). Looking at code, the following looks suspicious -- we
>> limit copy by 512 bytes, but use the original count which can be
>> larger than 512:
>>
>> static void sixpack_receive_buf(struct

Re: 6pack: stack-out-of-bounds in sixpack_receive_buf

2016-09-05 Thread One Thousand Gnomes
> different runs). Looking at code, the following looks suspicious -- we
> limit copy by 512 bytes, but use the original count which can be
> larger than 512:
>
> static void sixpack_receive_buf(struct tty_struct *tty,
> const unsigned char *cp, char *fp, int count)
> {
> unsigned char

Re: 6pack: stack-out-of-bounds in sixpack_receive_buf

2016-09-05 Thread One Thousand Gnomes
On Sat, 3 Sep 2016 15:38:08 +0200 Dmitry Vyukov wrote:
> Hello,
>
> While running syzkaller fuzzer I've got the following report:
>
> BUG: KASAN: stack-out-of-bounds in sixpack_receive_buf+0xf8a/0x1450 at
> addr 880037fbf850
> Read of size 1 by task syz-executor/6759
>