Hi all,

Link: https://syzkaller.appspot.com/bug?id=f332576321998d36cd07d09c9c1268cfed1895c9

As reported by syzbot, vcs_read_buf() is overflowing `con_buf16`, since this patch removed the following check:

- if (count > CON_BUF_SIZE) {
- count = CON_BUF_SIZE;
- filled = count - pos;
- }

Decreasing `count` by `min(HEADER_SIZE - pos, count)` bypasses this check. Additionally, this patch also removed updates to `skip` and `filled`.

What should we do in order to fix it?

Thank you,
Peilin Ye
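Review bot: removing the `if (count > CON_BUF_SIZE)` clamp leaves `count` unbounded against the staging buffer, and because `count` is first decreased by `min(HEADER_SIZE - pos, count)`, the bound has to be re-applied after that decrement, together with the `filled = count - pos` update the removed block carried, so that the number of bytes placed into `con_buf16` can never exceed CON_BUF_SIZE.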
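The following is an added, stand-alone model of the bound the message is about; it is not the kernel's vcs_read_buf() code and not part of the original thread. It assumes illustrative values for CON_BUF_SIZE and HEADER_SIZE (names from the message, sizes chosen here), a byte array standing in for con_buf16, and two hypothetical planning functions: `plan_read()` keeps the clamp after the header adjustment, `plan_read_unbounded()` mirrors the removed check so the difference in `filled` is visible.

```c
#include <stddef.h>
#include <string.h>

/* Assumed sizes for this model only (the kernel's real values may differ). */
#define CON_BUF_SIZE 4096   /* bytes of staging space behind con_buf16 */
#define HEADER_SIZE  4      /* header bytes that precede the screen data */

/* Stand-in for the staging buffer that vcs_read_buf() fills. */
static unsigned char con_buf[CON_BUF_SIZE];

/* What a read of `count` bytes at offset `pos` will do:
 * skip   = header bytes handled before the staging buffer,
 * filled = screen-data bytes that go through the staging buffer,
 * count  = total bytes the read will return. */
struct read_plan {
    size_t count;
    size_t skip;
    size_t filled;
};

/* Plan with the clamp kept: bound the data portion AFTER the header
 * adjustment, so the decrement cannot bypass the check. */
struct read_plan plan_read(size_t pos, size_t count)
{
    struct read_plan p;
    size_t header = pos < HEADER_SIZE ? HEADER_SIZE - pos : 0;

    p.skip = header < count ? header : count;   /* min(HEADER_SIZE - pos, count) */
    count -= p.skip;                            /* header bytes bypass the staging buffer */
    if (count > CON_BUF_SIZE)                   /* the bound the removed hunk provided */
        count = CON_BUF_SIZE;
    p.filled = count;                           /* kept in step with the clamped count */
    p.count = p.skip + count;
    return p;
}

/* Plan mirroring the removed check: `filled` follows the caller's request
 * with no upper bound, which is what lets it exceed the staging buffer. */
struct read_plan plan_read_unbounded(size_t pos, size_t count)
{
    struct read_plan p;
    size_t header = pos < HEADER_SIZE ? HEADER_SIZE - pos : 0;

    p.skip = header < count ? header : count;
    p.filled = count - p.skip;
    p.count = count;
    return p;
}

/* Stage the planned data bytes. Returns 1 when the write fits the staging
 * buffer and 0 when it would overflow (the model refuses instead of writing). */
int stage_screen_data(struct read_plan p)
{
    if (p.filled > sizeof(con_buf))
        return 0;
    memset(con_buf, 0xAA, p.filled);   /* placeholder for copying screen contents */
    return 1;
}
```

The point of the model is the ordering: the clamp must sit after `count -= skip`, and `filled` must be derived from the clamped value, otherwise a request larger than CON_BUF_SIZE reaches the copy unbounded.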