Thread (9 messages), 1 author, 2020-02-26

[Bug 206525] BUG: KASAN: stack-out-of-bounds in test_bit+0x30/0x44 (kernel 5.6-rc1)

From: <hidden>
Date: 2020-02-15 17:54:27

https://bugzilla.kernel.org/show_bug.cgi?id=206525
--- Comment #3 from Christophe Leroy (christophe.leroy@c-s.fr) ---
Bug introduced by commit cf5bddb95cbe ("net: bridge: vlan: add rtnetlink group
and notify support")

RTNLGRP_MAX is now 33.

'unsigned long groups' is 32 bits long on PPC32

Following loop in netlink_bind() overflows.


                for (group = 0; group < nlk->ngroups; group++) {
                        if (!test_bit(group, &groups))
                                continue;
                        err = nlk->netlink_bind(net, group + 1);
                        if (!err)
                                continue;
                        netlink_undo_bind(group, groups, sk);
                        goto unlock;
                }


Should 'groups' be changed to 'unsigned long long' ?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
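The overflow described in the comment above, modelled in user space as an added example (not code from the kernel or from the bug report). It assumes nlk->ngroups equals the RTNLGRP_MAX value of 33 quoted in the comment; `word_index`, `first_oob_group` and `count_set_groups_bounded` are hypothetical helper names, and the bounded loop is one illustrative mitigation, not the upstream fix.

```c
#include <stdint.h>
#include <stdio.h>

/* test_bit(nr, addr) reads word nr / BITS_PER_LONG of the bitmap at addr.
 * This model returns that word index instead of dereferencing it. */
static unsigned word_index(unsigned nr, unsigned bits_per_long)
{
    return nr / bits_per_long;
}

/* Walk the loop from the report over a bitmap that is a single
 * 'unsigned long' on the stack. Return the first group whose test_bit()
 * would read a word other than word 0 (past the variable), or -1. */
int first_oob_group(unsigned ngroups, unsigned bits_per_long)
{
    for (unsigned group = 0; group < ngroups; group++)
        if (word_index(group, bits_per_long) != 0)
            return (int)group;
    return -1;
}

/* Bounded variant (assumption: a 32-bit 'groups' word, as on PPC32):
 * never test more bits than the word holds. Returns how many bind
 * callbacks the loop would invoke. */
unsigned count_set_groups_bounded(uint32_t groups, unsigned ngroups)
{
    unsigned limit = ngroups < 32 ? ngroups : 32;
    unsigned calls = 0;

    for (unsigned group = 0; group < limit; group++)
        if (groups & (UINT32_C(1) << group))
            calls++;
    return calls;
}

int main(void)
{
    /* Constructed inputs: ngroups = 33, every bit of the mask set. */
    printf("32-bit long: first out-of-bounds group = %d\n",
           first_oob_group(33, 32));
    printf("64-bit long: first out-of-bounds group = %d\n",
           first_oob_group(33, 64));
    printf("bounded loop callbacks = %u\n",
           count_set_groups_bounded(UINT32_MAX, 33));
    return 0;
}
```

With a 64-bit long, index 32 still falls inside the word, which is why the out-of-bounds read only shows up on 32-bit targets such as PPC32.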