hci_inquiry_result_with_rssi_evt() can perform out of bound reads
on skb->data as a bound check is missing.
Signed-off-by: Tomas Bortoli
Reported-by: syzbot+cec7a50c412a2c03f...@syzkaller.appspotmail.com
Reported-by: syzbot+660883c56e2fa65d4...@syzkaller.appspotmail.com
---
v2:
- changed sizeof
Hi Dan,
On 3/4/19 4:04 PM, Dan Carpenter wrote:
> Hi Tomas,
>
> url:
> https://github.com/0day-ci/linux/commits/Tomas-Bortoli/net-bluetooth-Fix-bound-check-in-event-handling/20190301-213647
> base:
> https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git
> master
>
Hi Tomas,
url:
https://github.com/0day-ci/linux/commits/Tomas-Bortoli/net-bluetooth-Fix-bound-check-in-event-handling/20190301-213647
base:
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git
master
smatch warnings:
net/bluetooth/hci_event.c:3986 hci_inquiry_resul
Hi Marcel,
On 3/2/19 5:46 PM, Marcel Holtmann wrote:
> Hi Tomas,
>
>> hci_inquiry_result_with_rssi_evt() can perform out of bound reads
>> on skb->data as a bound check is missing.
>>
>> Signed-off-by: Tomas Bortoli
>> Reported-by: syzbot+cec7a50c412a2c03f...@syzkaller.appspotmail.com
>> Reporte
Hi Tomas,
> hci_inquiry_result_with_rssi_evt() can perform out of bound reads
> on skb->data as a bound check is missing.
>
> Signed-off-by: Tomas Bortoli
> Reported-by: syzbot+cec7a50c412a2c03f...@syzkaller.appspotmail.com
> Reported-by: syzbot+660883c56e2fa65d4...@syzkaller.appspotmail.com
> -
hci_inquiry_result_with_rssi_evt() can perform out of bound reads
on skb->data as a bound check is missing.
Signed-off-by: Tomas Bortoli
Reported-by: syzbot+cec7a50c412a2c03f...@syzkaller.appspotmail.com
Reported-by: syzbot+660883c56e2fa65d4...@syzkaller.appspotmail.com
---
Syzkaler reports:
http
