Re: [BUG] Out of bound read of size 1 in __d_alloc function which further leads to __default_memcpy function
From: Jules Maselbas <hidden>
Date: 2021-05-10 10:19:34
From: Jules Maselbas <hidden>
Date: 2021-05-10 10:19:34
Hi, On Fri, May 07, 2021 at 12:58:30PM +0200, Sascha Hauer wrote:
Hi, On Sun, Apr 18, 2021 at 01:10:10AM +0530, Neeraj Pal wrote:quoted
Hi, I have found the Out of bound read issue of size 1 when argv[2] is "" in __d_alloc function fs/fs.c:1254 which further goes and crashes into __default_memcpy call lib/string.c:562 Tested on: - barebox-2021.04.0 - git commit af0f068a6edad45b033e772056ac0352e1ba3613I can reproduce this here. Thanks for reporting it. I just sent out a series fixing this issue, you are on Cc:
I think this should also be fixed by the patch I've sent: (74946415a "fs: Fix link_path_walk to return -ENOENT on empty path") This patch might not have fixed this exact case when running the nfs command. Have you been able to repoduce this issue with this patch applied ? I've havn't tried to setup a net interface to debug nfs commandi, instead I was using simpler command such as `md5sum ""`. Best, Jules _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox