Hello:
This patch was applied to netdev/net.git (main)
by David S. Miller <davem@xxxxxxxxxxxxx>:
On Fri, 19 Jan 2024 17:48:39 -0800 you wrote:
> Syzcaller UBSAN crash occurs in rds_cmsg_recv(),
> which reads inc->i_rx_lat_trace[j + 1] with index 4 (3 + 1),
> but with array size of 4 (RDS_RX_MAX_TRACES).
> Here 'j' is assigned from rs->rs_rx_trace[i] and in-turn from
> trace.rx_trace_pos[i] in rds_recv_track_latency(),
> with both arrays sized 3 (RDS_MSG_RX_DGRAM_TRACE_MAX). So fix the
> off-by-one bounds check in rds_recv_track_latency() to prevent
> a potential crash in rds_cmsg_recv().
>
> [...]
Here is the summary with links:
- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
https://git.kernel.org/netdev/net/c/13e788deb734
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
