Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-02-04 Thread Christian Schoenebeck
On Friday, 4 February 2022 01:22:38 CET Dmitry V. Levin wrote: > On Fri, Feb 04, 2022 at 03:15:16AM +0300, Vitaly Chikunov wrote: > [...] > > > Yes but this will cause another abort() call. I am thinking about v3 fix > > > > like this: > > struct dirent * > > qemu_dirent_dup(struct dirent *d

Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-02-03 Thread Dmitry V. Levin
On Fri, Feb 04, 2022 at 03:15:16AM +0300, Vitaly Chikunov wrote: [...] > Yes but this will cause another abort() call. I am thinking about v3 fix > like this: > > struct dirent * > qemu_dirent_dup(struct dirent *dent) > { > size_t sz = 0; > #if defined _DIRENT_HAVE_D_RECLEN > /

Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-02-03 Thread Vitaly Chikunov
Christian, On Thu, Feb 03, 2022 at 01:42:19PM +0100, Christian Schoenebeck wrote: > On Friday, 28 January 2022 23:33:26 CET Vitaly Chikunov wrote: > > `struct dirent' returned from readdir(3) could be shorter than > > `sizeof(struct dirent)', thus memcpy of sizeof length will overread > > into un

Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-02-03 Thread Christian Schoenebeck
On Friday, 28 January 2022 23:33:26 CET Vitaly Chikunov wrote: > `struct dirent' returned from readdir(3) could be shorter than > `sizeof(struct dirent)', thus memcpy of sizeof length will overread > into unallocated page causing SIGSEGV. Example stack trace: > > #0 0x559ebeed v9fs_co_r

Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-02-03 Thread Christian Schoenebeck
On Thursday, 3 February 2022 07:20:05 CET Vitaly Chikunov wrote: > On Thu, Feb 03, 2022 at 07:55:41AM +0300, Vitaly Chikunov wrote: > > Christian, > > > > On Wed, Feb 02, 2022 at 05:55:45PM +0100, Christian Schoenebeck wrote: > > > On Friday, 28 January 2022 23:33:26 CET Vitaly Chikunov wrote:

Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-02-02 Thread Vitaly Chikunov
On Thu, Feb 03, 2022 at 07:55:41AM +0300, Vitaly Chikunov wrote: > Christian, > > On Wed, Feb 02, 2022 at 05:55:45PM +0100, Christian Schoenebeck wrote: > > On Friday, 28 January 2022 23:33:26 CET Vitaly Chikunov wrote: > > > `struct dirent' returned from readdir(3) could be shorter than > > > `s

Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-02-02 Thread Vitaly Chikunov
Christian, On Wed, Feb 02, 2022 at 05:55:45PM +0100, Christian Schoenebeck wrote: > On Friday, 28 January 2022 23:33:26 CET Vitaly Chikunov wrote: > > `struct dirent' returned from readdir(3) could be shorter than > > `sizeof(struct dirent)', thus memcpy of sizeof length will overread > > into un

Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-02-02 Thread Christian Schoenebeck
On Friday, 28 January 2022 23:33:26 CET Vitaly Chikunov wrote: > `struct dirent' returned from readdir(3) could be shorter than > `sizeof(struct dirent)', thus memcpy of sizeof length will overread > into unallocated page causing SIGSEGV. Example stack trace: > > #0 0x559ebeed v9fs_co_r

Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-01-31 Thread Christian Schoenebeck
On Friday, 28 January 2022 23:33:26 CET Vitaly Chikunov wrote: > `struct dirent' returned from readdir(3) could be shorter than > `sizeof(struct dirent)', thus memcpy of sizeof length will overread > into unallocated page causing SIGSEGV. Example stack trace: I actually suggested to make it clear

[PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-01-28 Thread Vitaly Chikunov
`struct dirent' returned from readdir(3) could be shorter than `sizeof(struct dirent)', thus memcpy of sizeof length will overread into unallocated page causing SIGSEGV. Example stack trace: #0 0x559ebeed v9fs_co_readdir_many (/usr/bin/qemu-system-x86_64 + 0x497eed) #1 0x559ec
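An added example, not part of the thread and not QEMU's code: it reproduces the size mismatch the patch description points at with a constructed, minimally sized dirent record (packed the way the kernel fills a getdents buffer, header plus name plus NUL rounded to 8 bytes), and puts the fixed-size `memcpy(..., sizeof(struct dirent))` beside a copy bounded by `d_reclen`, in the spirit of the `qemu_dirent_dup()` proposal quoted in the replies above. The function names, the `_DIRENT_HAVE_D_RECLEN` fallback to header-plus-name, and the constructed record are assumptions for illustration; on glibc x86_64 the record for a one-character name is 24 bytes while `sizeof(struct dirent)` is 280, so the naive copy reads 256 bytes past the record.

```c
/* Added example, not QEMU's code: why copying sizeof(struct dirent) bytes
 * out of a readdir(3) result overreads, and how to bound the copy by the
 * record's real length instead. Function names are illustrative. */
#include <dirent.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes of *d that are actually readable. With glibc/Linux, d_reclen is the
 * record length the kernel wrote into the getdents buffer; without it the
 * only portable lower bound is the fixed header plus the NUL-terminated name
 * (an assumption of this example, not something the thread settles). */
size_t dirent_valid_size(const struct dirent *d)
{
#if defined _DIRENT_HAVE_D_RECLEN
    if (d->d_reclen > 0) {
        return d->d_reclen;
    }
#endif
    return offsetof(struct dirent, d_name) + strlen(d->d_name) + 1;
}

/* The vulnerable pattern: a fixed-size copy that ignores how large the
 * returned record is. Kept for contrast; never call it on a readdir() result. */
struct dirent *dirent_dup_naive(const struct dirent *d)
{
    struct dirent *copy = malloc(sizeof(*copy));
    if (copy) {
        memcpy(copy, d, sizeof(*copy));   /* overreads short records */
    }
    return copy;
}

/* Hardened form: allocate and copy only the bytes the record occupies. */
struct dirent *dirent_dup_bounded(const struct dirent *d)
{
    size_t sz = dirent_valid_size(d);
    struct dirent *copy = malloc(sz);
    if (copy) {
        memcpy(copy, d, sz);
    }
    return copy;
}

/* Bytes past the end of a record of length reclen that a
 * sizeof(struct dirent) memcpy would read. */
size_t dirent_overread_bytes(size_t reclen)
{
    return reclen < sizeof(struct dirent) ? sizeof(struct dirent) - reclen : 0;
}

/* Constructed input: a record packed like a kernel getdents entry, i.e.
 * header + name + NUL rounded up to 8 bytes, allocated with exactly that
 * many bytes so nothing valid lies beyond it. */
struct dirent *make_short_dirent(const char *name, size_t *out_len)
{
    struct dirent full;
    size_t len = offsetof(struct dirent, d_name) + strlen(name) + 1;

    if (strlen(name) >= sizeof(full.d_name)) {
        return NULL;
    }
    len = (len + 7) & ~(size_t)7;
    memset(&full, 0, sizeof(full));
    full.d_ino = 42;                       /* constructed inode number */
    strcpy(full.d_name, name);
#if defined _DIRENT_HAVE_D_RECLEN
    full.d_reclen = (unsigned short)len;
#endif
    unsigned char *buf = malloc(len);
    if (!buf) {
        return NULL;
    }
    memcpy(buf, &full, len);               /* only the first len bytes exist */
    if (out_len) {
        *out_len = len;
    }
    return (struct dirent *)buf;
}

int main(void)
{
    size_t len;
    struct dirent *d = make_short_dirent("a", &len);
    if (!d) {
        return 1;
    }
    printf("sizeof(struct dirent) = %zu, record length = %zu, "
           "naive memcpy would read %zu bytes past the record\n",
           sizeof(struct dirent), len, dirent_overread_bytes(len));

    struct dirent *copy = dirent_dup_bounded(d);
    if (copy) {
        printf("bounded copy: ino=%llu name=%s\n",
               (unsigned long long)copy->d_ino, copy->d_name);
    }

    /* The naive copy is only safe on a full-sized object such as a local. */
    struct dirent local;
    memset(&local, 0, sizeof(local));
    strcpy(local.d_name, "full-size");
    struct dirent *naive = dirent_dup_naive(&local);
    if (naive) {
        printf("naive copy of a full-sized object: %s\n", naive->d_name);
    }

    free(naive);
    free(copy);
    free(d);
    return 0;
}
```

Running this under AddressSanitizer with `dirent_dup_naive(d)` substituted for the bounded call is the quickest way to see the heap-buffer-overflow read the stack trace in the patch description describes; the bounded copy stays within the allocation on both the d_reclen and the fallback path.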