On Tue, Dec 1, 2015 at 11:30 AM, Daniel Borkmann wrote:
> On 12/01/2015 10:38 AM, Dmitry Vyukov wrote:
>>
>> On Mon, Nov 30, 2015 at 7:29 PM, Alexei Starovoitov
>> wrote:
>
> ...
>>>
>>> Dmitry, thanks a lot for applying syzkaller to bpf. The issues
>>> got caught much sooner than they would have

From: Daniel Borkmann
Date: Mon, 30 Nov 2015 13:02:55 +0100
> During own review but also reported by Dmitry's syzkaller [1] it has been
> noticed that we trigger a heap out-of-bounds access on eBPF array maps
> when updating elements. This happens with each map whose map->value_size
> (specified

On 12/01/2015 10:38 AM, Dmitry Vyukov wrote:
On Mon, Nov 30, 2015 at 7:29 PM, Alexei Starovoitov
wrote:
...
Dmitry, thanks a lot for applying syzkaller to bpf. The issues
got caught much sooner than they would have been discovered otherwise.
Looks like the fuzzing has limited dependency chains

On Mon, Nov 30, 2015 at 7:29 PM, Alexei Starovoitov
wrote:
> On Mon, Nov 30, 2015 at 01:02:55PM +0100, Daniel Borkmann wrote:
>> During own review but also reported by Dmitry's syzkaller [1] it has been
>> noticed that we trigger a heap out-of-bounds access on eBPF array maps
>> when updating elem

On Mon, Nov 30, 2015 at 01:02:55PM +0100, Daniel Borkmann wrote:
> During own review but also reported by Dmitry's syzkaller [1] it has been
> noticed that we trigger a heap out-of-bounds access on eBPF array maps
> when updating elements. This happens with each map whose map->value_size
> (specifi

During own review but also reported by Dmitry's syzkaller [1] it has been
noticed that we trigger a heap out-of-bounds access on eBPF array maps
when updating elements. This happens with each map whose map->value_size
(specified during map creation time) is not multiple of 8 bytes.
In array_map_al
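The bug class above, as an added example: a user-space C model written for this page, not code from the patch, the kernel, or any participant in the thread. It assumes (the page cuts the commit message off before this point) that map allocation rounds the per-slot stride up to 8 bytes while the syscall path allocates the user-supplied value with exactly value_size bytes, so an update that copies a stride's worth of bytes reads past the caller's buffer whenever value_size is not a multiple of 8. All names (toy_array_map, toy_update_elem, leaked_bytes) are hypothetical, and the corrected variant, copying value_size bytes, is my assumption of the fix. The value buffer is deliberately over-allocated and filled with a marker byte past value_size, so the over-read is observable as marker bytes landing in the map slot without the model itself reading out of bounds.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical user-space model of the bug described above (not kernel code). */

#define NEIGHBOUR_BYTE 0xCC /* stands in for whatever sits after the value buffer on the heap */
#define VALUE_BYTE     0x41 /* the bytes the caller actually supplied */

struct toy_array_map {
	uint32_t value_size;   /* value size requested at map creation */
	uint32_t elem_size;    /* slot stride: value_size rounded up to 8 (assumed layout) */
	uint32_t max_entries;
	unsigned char *slots;  /* max_entries * elem_size bytes, zero-filled */
};

static uint32_t round_up8(uint32_t n)
{
	return (n + 7u) & ~7u;
}

static int toy_map_alloc(struct toy_array_map *m, uint32_t value_size, uint32_t max_entries)
{
	if (value_size == 0 || max_entries == 0)
		return -1;
	m->value_size = value_size;
	m->elem_size = round_up8(value_size);
	m->max_entries = max_entries;
	m->slots = calloc(max_entries, m->elem_size);
	return m->slots ? 0 : -1;
}

static void toy_map_free(struct toy_array_map *m)
{
	free(m->slots);
	m->slots = NULL;
}

/*
 * Update path. With fixed == 0 the copy length is the slot stride (the
 * bug: up to 7 bytes more than the caller's buffer holds); with fixed != 0
 * it is value_size, which is what the caller's buffer was sized for.
 */
static int toy_update_elem(struct toy_array_map *m, uint32_t index, const void *value, int fixed)
{
	size_t n = fixed ? m->value_size : m->elem_size;

	if (index >= m->max_entries)
		return -1;
	memcpy(m->slots + (size_t)m->elem_size * index, value, n);
	return 0;
}

/*
 * Run one update and report how many neighbour-heap bytes landed in the
 * map slot (-1 on a rejected index or allocation failure). The value
 * buffer is over-allocated by one stride and filled with NEIGHBOUR_BYTE
 * past value_size, so the over-read is observable and still in bounds.
 */
static int leaked_bytes(uint32_t value_size, uint32_t index, int fixed)
{
	struct toy_array_map m;
	unsigned char *slot, *buf;
	size_t span = (size_t)round_up8(value_size) + 8;
	int leaked = 0;
	uint32_t i;

	if (toy_map_alloc(&m, value_size, 4) != 0)
		return -1;
	buf = malloc(span);
	if (!buf) {
		toy_map_free(&m);
		return -1;
	}
	memset(buf, NEIGHBOUR_BYTE, span);
	memset(buf, VALUE_BYTE, value_size);

	if (toy_update_elem(&m, index, buf, fixed) == 0) {
		slot = m.slots + (size_t)m.elem_size * index;
		for (i = 0; i < m.elem_size; i++)
			if (slot[i] == NEIGHBOUR_BYTE)
				leaked++;
	} else {
		leaked = -1;
	}
	free(buf);
	toy_map_free(&m);
	return leaked;
}

int main(void)
{
	uint32_t sizes[] = { 1, 4, 13, 16 };
	size_t k;

	for (k = 0; k < sizeof(sizes) / sizeof(sizes[0]); k++)
		printf("value_size=%2u  buggy copy leaks %d byte(s), fixed copy leaks %d\n",
		       sizes[k], leaked_bytes(sizes[k], 2, 0), leaked_bytes(sizes[k], 2, 1));
	return 0;
}
```

For every value_size that is already a multiple of 8 the two variants behave identically, which is why the bug only shows up for the sizes the commit message names; for any other size the buggy copy pulls round_up8(value_size) - value_size bytes of adjacent heap into the map, where a later lookup can read them back out.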