Re: [RFC net] net: skbuff: fix stack variable out of bounds access

2021-03-23 Thread Willem de Bruijn
On Tue, Mar 23, 2021 at 12:30 PM Arnd Bergmann wrote:
>
> On Tue, Mar 23, 2021 at 3:42 PM Willem de Bruijn
> wrote:
> >
> > On Tue, Mar 23, 2021 at 8:52 AM Arnd Bergmann wrote:
> > >>
> > A similar fix already landed in 5.12-rc3: commit b228c9b05876 ("net:
> > expand textsearch ts_state to fit s

Re: [RFC net] net: skbuff: fix stack variable out of bounds access

2021-03-23 Thread Arnd Bergmann
On Tue, Mar 23, 2021 at 3:42 PM Willem de Bruijn wrote:
>
> On Tue, Mar 23, 2021 at 8:52 AM Arnd Bergmann wrote:
> >>
> A similar fix already landed in 5.12-rc3: commit b228c9b05876 ("net:
> expand textsearch ts_state to fit skb_seq_state"). That fix landed in
> 5.12-rc3.

Ah nice, even the same

Re: [RFC net] net: skbuff: fix stack variable out of bounds access

2021-03-23 Thread Willem de Bruijn
On Tue, Mar 23, 2021 at 8:52 AM Arnd Bergmann wrote:
>
> From: Arnd Bergmann
>
> gcc-11 warns that the TS_SKB_CB(&state)) cast in skb_find_text()
> leads to an out-of-bounds access in skb_prepare_seq_read() after
> the addition of a new struct member made skb_seq_state longer
> than ts_state:
>
>

[RFC net] net: skbuff: fix stack variable out of bounds access

2021-03-23 Thread Arnd Bergmann
From: Arnd Bergmann

gcc-11 warns that the TS_SKB_CB(&state)) cast in skb_find_text() leads to an out-of-bounds access in skb_prepare_seq_read() after the addition of a new struct member made skb_seq_state longer than ts_state:

net/core/skbuff.c: In function ‘skb_find_text’:
net/core/skbuff.c:349