search

KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
Other
80 stars 5 forks source link

UBSAN: signed-integer-overflow in ../fs/libfs.c:149:11 #359

Open JustinStitt opened 1 month ago

JustinStitt commented 1 month ago 
[ 6008.461516] ------------[ cut here ]------------
[ 6008.464680] UBSAN: signed-integer-overflow in ../fs/libfs.c:149:11
[ 6008.468664] 9223372036854775807 + 16387 cannot be represented in type 'loff_t' (aka 'long long')
[ 6008.474167] CPU: 1 PID: 1214 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00041-gec7cb1052e44-dirty #15
[ 6008.479662] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 6008.485276] Call Trace:
[ 6008.486819]  <TASK>
[ 6008.488258]  dump_stack_lvl+0x93/0xd0
[ 6008.490535]  handle_overflow+0x171/0x1b0
[ 6008.492957]  dcache_dir_lseek+0x3bf/0x3d0
[ 6008.495455]  ? mutex_lock+0x4b/0x90
[ 6008.497626]  __x64_sys_lseek+0x150/0x1b0
[ 6008.500035]  do_syscall_64+0xd7/0x1b0
[ 6008.502294]  ? arch_exit_to_user_mode_prepare+0x11/0x60
[ 6008.505479]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 6008.508531] RIP: 0033:0x7feadbaf6539
[ 6008.510736] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 8
[ 6008.521796] RSP: 002b:00007ffcf6fbe278 EFLAGS: 00000246 ORIG_RAX: 0000000000000008
[ 6008.526359] RAX: ffffffffffffffda RBX: 00007feadbc2af80 RCX: 00007feadbaf6539
[ 6008.530637] RDX: 0000000000000001 RSI: 7fffffffffffffff RDI: 0000000000000003
[ 6008.534919] RBP: 00007feadbb55496 R08: 0000000000000000 R09: 0000000000000000
[ 6008.539216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 6008.543455] R13: 00000000000009e7 R14: 00007feadbc2af80 R15: 00007feadbc2af80
[ 6008.547714]  </TASK>
[ 6008.549334] ---[ end trace ]---
JustinStitt commented 1 month ago

[PATCH] libfs: fix accidental overflow in offset calculation