aircrack-ng / rtl8812au

RTL8812AU/21AU and RTL8814AU driver with monitor mode and frame injection
GNU General Public License v2.0

array-index-out-of-bounds in /var/lib/dkms/rtl8812au/4.2.2/build/os_dep/linux/usb_intf.c:573:26 #1004

Open nowatbuer opened 1 year ago

nowatbuer commented 1 year ago

My system is Ubuntu 22.04.1 LTS with kernel 5.15.0-48-generic #54-Ubuntu SMP. When plugging in my wifi dongle, dmesg shows the following:

[350267.425724] usb 1-4: new high-speed USB device number 13 using xhci_hcd
[350267.574207] usb 1-4: New USB device found, idVendor=0bda, idProduct=0811, bcdDevice= 2.00
[350267.574226] usb 1-4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[350267.574234] usb 1-4: Product: 802.11ac WLAN Adapter
[350267.574240] usb 1-4: Manufacturer: Realtek
[350267.574246] usb 1-4: SerialNumber: 00e04c000001
[350267.637073] ================================================================================
[350267.637082] UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8812au/4.2.2/build/os_dep/linux/usb_intf.c:573:26
[350267.637086] index 3 is out of range for type 'int [3]'
[350267.637088] CPU: 1 PID: 3624764 Comm: systemd-udevd Tainted: P OE 5.15.0-48-generic #54-Ubuntu
[350267.637092] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./J5040-ITX, BIOS P1.60 01/17/2020
[350267.637094] Call Trace:
[350267.637097]
[350267.637101] show_stack+0x52/0x5c
[350267.637107] dump_stack_lvl+0x4a/0x63
[350267.637113] dump_stack+0x10/0x16
[350267.637115] ubsan_epilogue+0x9/0x49
[350267.637118] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[350267.637121] ? _rtw_malloc+0x2d/0x33 [8812au]
[350267.637170] rtw_drv_init+0x322/0x4cc [8812au]
[350267.637208] usb_probe_interface+0xeb/0x2b0
[350267.637212] really_probe+0x21f/0x420
[350267.637217] __driver_probe_device+0x119/0x190
[350267.637219] driver_probe_device+0x23/0xc0
[350267.637222] __driver_attach+0xbd/0x1e0
[350267.637224] ? __device_attach_driver+0x120/0x120
[350267.637227] bus_for_each_dev+0x7c/0xd0
[350267.637229] driver_attach+0x1e/0x30
[350267.637232] bus_add_driver+0x148/0x220
[350267.637234] driver_register+0x95/0x100
[350267.637237] usb_register_driver+0x89/0x130
[350267.637239] ? 0xffffffffc1b5f000
[350267.637242] rtw_drv_entry+0x32/0x1000 [8812au]
[350267.637269] do_one_initcall+0x46/0x1e0
[350267.637273] ? kmem_cache_alloc_trace+0x19e/0x2e0
[350267.637278] do_init_module+0x52/0x260
[350267.637281] load_module+0xacd/0xbc0
[350267.637284] __do_sys_finit_module+0xbf/0x120
[350267.637287] __x64_sys_finit_module+0x18/0x20
[350267.637289] do_syscall_64+0x59/0xc0
[350267.637292] ? exit_to_user_mode_prepare+0x37/0xb0
[350267.637296] ? syscall_exit_to_user_mode+0x27/0x50
[350267.637299] ? __x64_sys_read+0x19/0x20
[350267.637302] ? do_syscall_64+0x69/0xc0
[350267.637304] ? exit_to_user_mode_prepare+0x37/0xb0
[350267.637307] ? syscall_exit_to_user_mode+0x27/0x50
[350267.637309] ? do_syscall_64+0x69/0xc0
[350267.637311] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[350267.637315] RIP: 0033:0x7f3684356a3d
[350267.637318] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c3 a3 0f 00 f7 d8 64 89 01 48
[350267.637321] RSP: 002b:00007ffd3a6f1298 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[350267.637324] RAX: ffffffffffffffda RBX: 000055c45f68cd70 RCX: 00007f3684356a3d
[350267.637326] RDX: 0000000000000000 RSI: 00007f36844ed441 RDI: 0000000000000006
[350267.637327] RBP: 0000000000020000 R08: 0000000000000000 R09: 00007ffd3a6f13d0
[350267.637329] R10: 0000000000000006 R11: 0000000000000246 R12: 00007f36844ed441
[350267.637330] R13: 000055c45f688400 R14: 000055c45f68c0f0 R15: 000055c45f68d0e0
[350267.637333]
[350267.637334] ================================================================================
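The report above reads "index 3 is out of range for type 'int [3]'", that is, an index equal to the array length, the classic off-by-one that UBSAN's bounds checker catches at the moment of the read. The following is an added illustration of that bug class in userspace C; it is example code, not the rtl8812au driver's code from usb_intf.c and not the reporter's. The table name, its contents and both accessor functions are assumptions made for this example.

```c
/* Added example (not the rtl8812au driver's code): a 3-entry table of the
 * same type as in the UBSAN report ('int [3]'), with a checked accessor
 * that rejects index 3, and an unchecked one that shows the reported
 * access pattern. Names and values are assumptions for this illustration. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical per-device table: valid indices are 0, 1, 2. */
static int example_table[3] = { 10, 20, 30 };

/* Checked accessor: on success stores the entry in *out and returns 0;
 * for idx >= 3 (including the index 3 seen in the trace) returns -EINVAL
 * without touching memory past the end of the table. */
int table_get(size_t idx, int *out)
{
    if (idx >= ARRAY_SIZE(example_table))
        return -EINVAL;
    *out = example_table[idx];
    return 0;
}

/* Unchecked accessor: the pattern the sanitizer flags. With idx == 3 it
 * reads one element past the end. It is deliberately never called here;
 * build with `gcc -fsanitize=bounds` and call it with 3 to get a userspace
 * UBSAN report for the same off-by-one. */
int table_get_unchecked(size_t idx)
{
    return example_table[idx];
}

int main(void)
{
    int v;
    size_t i;

    /* Walk one index past the end to show where the check kicks in. */
    for (i = 0; i <= ARRAY_SIZE(example_table); i++) {
        if (table_get(i, &v) == 0)
            printf("index %zu -> %d\n", i, v);
        else
            printf("index %zu rejected (table has %zu entries)\n",
                   i, ARRAY_SIZE(example_table));
    }
    return 0;
}
```

The kernel produced the trace above because its UBSAN bounds instrumentation (CONFIG_UBSAN_BOUNDS) wraps array accesses of known size the same way `-fsanitize=bounds` does in userspace; the guard in table_get is the shape of fix such a report asks for, bounding the index against the table's real size before the read rather than after the fact.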