Re: [syzbot] KASAN: vmalloc-out-of-bounds Write in imageblit (2)

From: Khalid Masum
Date: Mon Aug 01 2022 - 10:07:21 EST

Next message: Julien Panis: "Re: [PATCH v3 2/2] iio: time: capture-tiecap: capture driver support for ECAP"
Previous message: Marco Elver: "Re: [PATCH v2 1/1] mm: kfence: apply kmemleak_ignore_phys on early allocated pool"
In reply to: Dan Carpenter: "Re: [syzbot] KASAN: vmalloc-out-of-bounds Write in imageblit (2)"
Next in thread: Khalid Masum: "Re: [syzbot] KASAN: vmalloc-out-of-bounds Write in imageblit (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/1/22 16:43, Dan Carpenter wrote:

These are precendence bugs. The ! will be done before the >=. Write it
as:

if (pos < vc->vc_origin || pos >= vc->vc_scr_end ||
ret >= vc->vc_scr_end) {

/* Should not happen */
x = y = 0;
ret = vc->vc_origin;

regards,
dan carpenter

Thanks for the catch. I shall send another syz-test patch with these fixed.

thanks,
-- Khalid Masum

Next message: Julien Panis: "Re: [PATCH v3 2/2] iio: time: capture-tiecap: capture driver support for ECAP"
Previous message: Marco Elver: "Re: [PATCH v2 1/1] mm: kfence: apply kmemleak_ignore_phys on early allocated pool"
In reply to: Dan Carpenter: "Re: [syzbot] KASAN: vmalloc-out-of-bounds Write in imageblit (2)"
Next in thread: Khalid Masum: "Re: [syzbot] KASAN: vmalloc-out-of-bounds Write in imageblit (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]