On 3/20/20 1:36 AM, Entropy Moe wrote:
> Hello Randy,
> please see attached POC for the vulnerability.
>

Hi Moe,

Do you have anything to do with the syzkaller source code generation?
(POC; reproducers)

I don't expect it to be beautiful, but it could be a lot easier to read
in a few places. E.g., the POC that you provided sets a tmpfs mount option
string to "mpol=prefer:,", which is probably purposely malformed (OK),
but it does so in an unreadable manner: (I added the // comments.)

  memcpy((void*)0x20000340, "mpol", 4);
  *(uint8_t*)0x20000344 = 0x3d;        // =
  memcpy((void*)0x20000345, "prefer", 6);
  *(uint8_t*)0x2000034b = 0x3a;        // :
  *(uint8_t*)0x2000034c = 0x2c;        // ,
  *(uint8_t*)0x2000034d = 0;

That kind of obfuscation just helps slow down debugging. :(

-- 
~Randy
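
An added example, not part of the original message or of syzkaller itself: a small Python helper that replays the `memcpy` and `uint8_t` stores of a reproducer into a byte map and prints the C strings they assemble, so the option string above reads directly as "mpol=prefer:,". The function names `replay_stores` and `c_strings` are hypothetical, and the sample input is constructed from the lines quoted in the message.

```python
import re
# Constructed sample: the store sequence quoted in the message.
SAMPLE = """
memcpy((void*)0x20000340, "mpol", 4);
*(uint8_t*)0x20000344 = 0x3d;
memcpy((void*)0x20000345, "prefer", 6);
*(uint8_t*)0x2000034b = 0x3a;
*(uint8_t*)0x2000034c = 0x2c;
*(uint8_t*)0x2000034d = 0;
"""

MEMCPY = re.compile(r'memcpy\(\(void\*\)(0x[0-9a-fA-F]+),\s*"((?:[^"\\]|\\.)*)",\s*(\d+)\)')
STORE8 = re.compile(r'\*\(uint8_t\*\)(0x[0-9a-fA-F]+)\s*=\s*(0x[0-9a-fA-F]+|\d+)')

def replay_stores(source):
    """Replay the stores in program order into a sparse {address: byte} map."""
    mem = {}
    for line in source.splitlines():
        if m := MEMCPY.search(line):
            base, n = int(m.group(1), 16), int(m.group(3))
            # Assumption: literals use only simple escapes (\xNN, \n, \0) that
            # Python decodes the same way C does; short literals are zero-padded.
            data = m.group(2).encode("latin-1").decode("unicode_escape").encode("latin-1")
            for i, b in enumerate(data[:n].ljust(n, b"\0")):
                mem[base + i] = b
        elif m := STORE8.search(line):
            mem[int(m.group(1), 16)] = int(m.group(2), 0) & 0xFF
    return mem

def c_strings(mem):
    """Group contiguous bytes into [(start, text, nul_terminated)] runs."""
    out, buf, prev = [], bytearray(), None
    def flush(terminated):
        if buf:
            out.append((prev - len(buf) + 1, buf.decode("latin-1"), terminated))
            buf.clear()
    for addr in sorted(mem):
        if addr - 1 != prev:
            flush(False)  # gap in addresses: run ended without a NUL
        if mem[addr] == 0:
            flush(True)
        else:
            buf.append(mem[addr])
        prev = addr
    flush(False)
    return out

if __name__ == "__main__":
    for start, text, terminated in c_strings(replay_stores(SAMPLE)):
        print(f"{start:#x}: {text!r}" + ("" if terminated else "  (no NUL terminator)"))
```
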