On Tue, Oct 03, 2017 at 11:29:40AM +0200, Johan Hovold wrote: > On Fri, Sep 29, 2017 at 10:37:55AM +0200, Greg Kroah-Hartman wrote: > > On Thu, Sep 28, 2017 at 07:57:46PM +0200, Andrey Konovalov wrote: > > > Hi! > > > > > > I've got the following report while fuzzing the kernel with syzkaller. > > > > > > On commit dc972a67cc54585bd83ad811c4e9b6ab3dcd427e (4.14-rc2+). > > > > > > There's no check on the connection_info->num_ports value when > > > iterating over ports. > > > > > > usb 1-1: Handspring Visor / Palm OS: port 162, is for unknown use > > > usb 1-1: Handspring Visor / Palm OS: port 81, is for unknown use > > > ================================================================== > > > BUG: KASAN: slab-out-of-bounds in palm_os_3_probe+0x4e4/0x570 > > > Read of size 1 at addr ffff8800686daa26 by task kworker/0:1/24 > > Thanks for the report, Andrey. > > > Ah, nice catch, this bug is _old_, sorry about that. > > > > The patch below should resolve this. It looks bigger than it really is, > > as I'm just moving the error checking higher up in the function, and > > loosing an indentation for when there is invalid data. > > > > Can you let me know if this solves the issue? > > And thanks for fixing this up, Greg. Will you send a proper patch that I > can apply? Yes, let me redo it based on your comments, and will send it out "correctly" in a few days. thanks for the review, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
