On Fri, 19 May 2023 10:46:38 +0300, Dmitry Antipov wrote:
> An attempt to pass too long module name to, say, rmmod, may
> cause an out-of-bounds memory access (as repoted by UBSan):
>
> $ rmmod $(for i in $(seq 0 4200); do echo -ne x; done)
> libkmod/libkmod-module.c:1828:8: runtime error: index 4107 out of bounds for type 'char [4096]'
>
> This is because 'snprintf(path, sizeof(path), ...)' may return the
> value which exceeds 'sizeof(path)' (which happens when an output
> gets truncated). To play it safe, such a suspicious output is
> better to be rejected explicitly.
>
> [...]
Applied, thanks!
[1/1] libkmod: fix possible out-of-bounds memory access
commit: badacf76e46b3602bc0e99ffc677ccbe53691f62
Best regards,
--
Lucas De Marchi <lucas.de.marchi@xxxxxxxxx>
