On 5/24/2024 2:56 PM, Greg KH wrote: > On Fri, May 24, 2024 at 01:34:49PM +0800, quic_zijuhu wrote: >> On 5/24/2024 1:21 PM, Greg KH wrote: >>> On Fri, May 24, 2024 at 01:15:01PM +0800, quic_zijuhu wrote: >>>> On 5/24/2024 12:33 PM, Greg KH wrote: >>>>> On Fri, May 24, 2024 at 12:20:03PM +0800, Zijun Hu wrote: >>>>>> zap_modalias_env() wrongly calculates size of memory block >>>>>> to move, so maybe cause OOB memory access issue, fixed by >>>>>> correcting size to memmove. >>>>> >>>>> "maybe" or "does"? That's a big difference :) >>>>> >>>> i found this issue by reading code instead of really meeting this issue. >>>> this issue should be prone to happen if there are more than 1 other >>>> environment vars. >>> >>> But does it? Given that we have loads of memory checkers, and I haven't >>> ever seen any report of any overrun, it would be nice to be sure. >>> >> yes. if @env includes env vairable MODALIAS and more than one other env >> vairables. then (env->buflen - len) must be greater that actual size of >> "target block" shown previously, so the OOB issue must happen. > > Then why are none of the tools that we have for catching out-of-bound > issues triggered here? Are the tools broken or is this really just not > ever happening? It would be good to figure that out... > don't know why. perhaps, need to report our case to expert of tools. > thanks, > > greg k-h
