On Fri, May 15, 2026 at 12:15 AM Yuyang Huang <[email protected]> wrote:
>
> The bpf(cmd, attr, size) syscall copies up to 'size' bytes on input, but
> several commands write outputs back to userspace unconditionally. If the
> caller passes a short buffer, this can lead to out-of-bounds writes,
> potentially overwriting adjacent userspace memory.

The whole thing sounds like a user space bug. Please demonstrate a case where this issue is seen by using libbpf APIs.

