Re: [PATCH v4] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-02-09 Thread Christian Schoenebeck
On Sunday, 6 February 2022 02:34:19 CET Vitaly Chikunov wrote: > `struct dirent' returned from readdir(3) could be shorter (or longer) > than `sizeof(struct dirent)', thus memcpy of sizeof length will overread > into unallocated page causing SIGSEGV. Example stack trace: > > #0 0x559ebe

Re: [PATCH v4] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-02-07 Thread Christian Schoenebeck
On Monday, 7 February 2022 08:56:07 CET Greg Kurz wrote: > On Sun, 6 Feb 2022 04:34:19 +0300 > > Vitaly Chikunov wrote: > > `struct dirent' returned from readdir(3) could be shorter (or longer) > > than `sizeof(struct dirent)', thus memcpy of sizeof length will overread > > > > into unallocated

Re: [PATCH v4] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-02-07 Thread Greg Kurz
On Sun, 6 Feb 2022 04:34:19 +0300 Vitaly Chikunov wrote: > `struct dirent' returned from readdir(3) could be shorter (or longer) > than `sizeof(struct dirent)', thus memcpy of sizeof length will overread > into unallocated page causing SIGSEGV. Example stack trace: > > #0 0x559ebeed v9

[PATCH v4] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread

2022-02-05 Thread Vitaly Chikunov
`struct dirent' returned from readdir(3) could be shorter (or longer) than `sizeof(struct dirent)', thus memcpy of sizeof length will overread into unallocated page causing SIGSEGV. Example stack trace: #0 0x559ebeed v9fs_co_readdir_many (/usr/bin/qemu-system-x86_64 + 0x497eed) #1 0x0