On Thu, Oct 19, 2017 at 01:19:13PM +0200, Andrey Konovalov wrote: > On Wed, Oct 4, 2017 at 4:40 PM, Greg Kroah-Hartman > <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > On Tue, Oct 03, 2017 at 11:29:40AM +0200, Johan Hovold wrote: > >> On Fri, Sep 29, 2017 at 10:37:55AM +0200, Greg Kroah-Hartman wrote: > >> > On Thu, Sep 28, 2017 at 07:57:46PM +0200, Andrey Konovalov wrote: > >> > > Hi! > >> > > > >> > > I've got the following report while fuzzing the kernel with syzkaller. > >> > > > >> > > On commit dc972a67cc54585bd83ad811c4e9b6ab3dcd427e (4.14-rc2+). > >> > > > >> > > There's no check on the connection_info->num_ports value when > >> > > iterating over ports. > >> > > > >> > > usb 1-1: Handspring Visor / Palm OS: port 162, is for unknown use > >> > > usb 1-1: Handspring Visor / Palm OS: port 81, is for unknown use > >> > > ================================================================== > >> > > BUG: KASAN: slab-out-of-bounds in palm_os_3_probe+0x4e4/0x570 > >> > > Read of size 1 at addr ffff8800686daa26 by task kworker/0:1/24 > >> > >> Thanks for the report, Andrey. > >> > >> > Ah, nice catch, this bug is _old_, sorry about that. > >> > > >> > The patch below should resolve this. It looks bigger than it really is, > >> > as I'm just moving the error checking higher up in the function, and > >> > loosing an indentation for when there is invalid data. > >> > > >> > Can you let me know if this solves the issue? > >> > >> And thanks for fixing this up, Greg. Will you send a proper patch that I > >> can apply? > > > > Yes, let me redo it based on your comments, and will send it out > > "correctly" in a few days. > > Hi Greg, > > I was going through the bugs I've reported, and it seems that you > didn't mail the patch for this one. Reminding in case you've > accidentally forgotten about it. It's not forgotten, it's on my TODO list, sorry, been swamped with other things these past few weeks. Hope to get to it soon... thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
