[Jfs-discussion] Slab out of bounds in setxattr
From: shankarapailoor <sha...@gm...> - 2018-06-01 20:52:24
Hi Dave et al,

I have been fuzzing linux 4.17-rc4 with JFS using Syzkaller.

KASAN: slab-out-of-bounds in jfs_xattr

Attached are my kernel configs and a C reproducer. In the first setxattr call it appears that length is much larger than the name. In __jfs_setxattr, I don't see where the length is checked against the actual value length.

Regards,
Shankara Pailoor
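The report above points at a missing check of a caller-supplied value length against the buffer it is copied into. The following is a constructed model of that bug class, added here for illustration; it is not JFS code and not the reporter's reproducer. The struct layout, the XATTR_NAME_MAX / XATTR_VALUE_MAX sizes, and the function names are assumptions for this example only. The unchecked form writes past a fixed-size value area whenever value_len exceeds it (the pattern KASAN reports as slab-out-of-bounds when the entry lives in a slab object); the checked form validates every length before any copy.

```c
/*
 * Constructed model of a missing value-length check in a setxattr-style
 * path. Not JFS code: names, layout and sizes are assumed for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>

/* Hypothetical fixed-size xattr entry, standing in for one slab object. */
#define XATTR_NAME_MAX   32
#define XATTR_VALUE_MAX  64

struct xattr_entry {
    uint8_t  namelen;
    uint16_t valuelen;
    char     name[XATTR_NAME_MAX];
    uint8_t  value[XATTR_VALUE_MAX];
};

/*
 * Vulnerable form: the name length is validated, but value_len is trusted
 * and drives the memcpy into the 64-byte value area. A value_len larger than
 * XATTR_VALUE_MAX writes past the end of the entry (slab-out-of-bounds when
 * the entry is a slab allocation). Never call this with an oversized length.
 */
int set_xattr_unchecked(struct xattr_entry *e, const char *name,
                        const void *value, size_t value_len)
{
    size_t namelen = strlen(name);

    if (namelen == 0 || namelen > XATTR_NAME_MAX)
        return -EINVAL;
    memcpy(e->name, name, namelen);
    e->namelen = (uint8_t)namelen;
    memcpy(e->value, value, value_len);   /* no check against XATTR_VALUE_MAX */
    e->valuelen = (uint16_t)value_len;
    return 0;
}

/*
 * Hardened form: every caller-controlled length is compared against the
 * capacity it indexes before a single byte is copied.
 */
int set_xattr_checked(struct xattr_entry *e, const char *name,
                      const void *value, size_t value_len)
{
    size_t namelen = strlen(name);

    if (namelen == 0 || namelen > XATTR_NAME_MAX)
        return -EINVAL;
    if (value_len > XATTR_VALUE_MAX)
        return -E2BIG;
    if (value_len != 0 && value == NULL)
        return -EINVAL;
    memcpy(e->name, name, namelen);
    e->namelen = (uint8_t)namelen;
    if (value_len != 0)
        memcpy(e->value, value, value_len);
    e->valuelen = (uint16_t)value_len;
    return 0;
}

/* Constructed request: a 4096-byte value against a 64-byte value area. */
int demo_oversized_value_rejected(void)
{
    struct xattr_entry e;
    char big[4096];

    memset(big, 'A', sizeof(big));
    memset(&e, 0, sizeof(e));
    return set_xattr_checked(&e, "user.test", big, sizeof(big));
}

/* Constructed in-range request; returns the stored value length on success,
 * or the negative error code. */
int demo_in_range_value_stored(void)
{
    struct xattr_entry e;
    const char val[] = "hello";
    int ret;

    memset(&e, 0, sizeof(e));
    ret = set_xattr_checked(&e, "user.test", val, sizeof(val) - 1);
    if (ret != 0)
        return ret;
    if (memcmp(e.value, val, sizeof(val) - 1) != 0)
        return -EIO;
    return e.valuelen;
}
```

The point of the checked form is that the comparison is against the size of the destination, not against anything derived from the request itself; a length that only gets compared with the name length, or that is only used to size the copy, leaves the write unbounded.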