On Thu, Jun 21, 2018 at 2:50 AM Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote:
> Fedora rawhide has not had any kernel build available for i686 for a
> week now. It was disabled in a rebase due to part of the build process
> segfaulting.

The bug causing the segfault is not specific to i386. It could happen on any architecture. There is an incorrect loop termination condition that can lead to an array index wrapping around to (size_t)-1. Try the attached patch. It fixes the issue for me. (I tried to mimic a git-produced patch without actually having a git checkout of the kernel handy. If somebody wants to generate that patch the right way and submit it upstream, that would be great.)

Regards,
--
Jerry James
http://www.jamezone.org/

From: Jerry James <loganjerry@xxxxxxxxx> Date: Fri, 22 Jun 2018 09:28:15 -060 Subject: [PATCH] kconfig: loop boundary condition fix If buf[-1] just happens to hold the byte 0x0A, then nread can wrap around to (size_t)-1, leading to invalid memory accesses. --- a/scripts/kconfig/preprocess.c.orig 2018-06-22 08:36:01.601896556 -0600 +++ b/scripts/kconfig/preprocess.c 2018-06-22 09:19:03.745447415 -0600 @@ -156,7 +156,7 @@ static char *do_shell(int argc, char *ar nread--; /* remove trailing new lines */ - while (buf[nread - 1] == '\n') + while (nread > 0 && buf[nread - 1] == '\n') nread--; buf[nread] = 0;
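
Review bot: The commit message names the symptom (buf[-1] holding 0x0A) but not the condition that reaches it. The old `while (buf[nread - 1] == '\n')` test reads buf[-1] whenever nread is 0 on entry to the loop or drops to 0 because every byte before it was a newline, so the message should say that. The added `nread > 0 &&` guard sits on the left of the `&&`, so it short-circuits before the index is evaluated, and `buf[nread] = 0` then writes at index 0, which is in bounds. For upstream submission the patch still needs a Signed-off-by line, and the `---` path carries a `.orig` suffix that a git-generated patch would not have, so it is worth regenerating from a git checkout.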