kmod-project / kmod

kmod - Linux kernel module handling
GNU Lesser General Public License v2.1

libkmod: Avoid overflows while parsing files #234

Closed stoeckmann closed 2 weeks ago

stoeckmann commented 3 weeks ago

Specially crafted files could overflow internal counters, allowing out of boundary writes. Make sure that neither counters nor resulting calculations overflow.

Another round of "is it even possible?"

Proof of Concept:

  1. Create a file which contains more than 2^32 pre dependencies

    (echo -n "softdep poc pre: "; yes a | tr '\n' ' ' | dd bs=4096 count=2097153; echo) > poc.conf

  2. Try to insert poc module

    modprobe -C poc.conf poc

This should lead to a segmentation fault or

SUMMARY: AddressSanitizer: heap-buffer-overflow ../libkmod/libkmod-config.c:371 in kmod_config_add_softdep

The file will be around 8 GB in size, memory peaks around that as well (didn't measure exactly, better have 16 GB or more). So, yes. It can happen. It's highly unlikely but we have the overflow checks already available, so let's just check instead of adjusting various data types and return values from unsigned int to size_t. Not worth it.
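The counter wrap described in the comment above, scaled down so it runs without an 8 GB file. This is an added example, not code from kmod or from this pull request: the 16-bit `dep_count_t`, the function names and the single-block layout are assumptions for illustration, and the checks use the GCC/Clang `__builtin_*_overflow` builtins.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 16-bit counter, so 65536 tokens wrap it (the PoC needs 2^32). */
typedef uint16_t dep_count_t;

/* Unchecked first pass: the token count silently wraps. */
static dep_count_t count_deps_unchecked(const char *s)
{
	dep_count_t n = 0;
	for (; *s != '\0'; s++)
		n += (*s != ' ' && (s[1] == ' ' || s[1] == '\0'));
	return n;
}

/* Checked first pass: returns the token count and sets *size_out to one block
 * holding the pointer array plus a copy of the line, or returns -EOVERFLOW. */
static int deps_alloc_size(const char *s, size_t *size_out)
{
	dep_count_t n = 0;
	for (const char *p = s; *p != '\0'; p++)
		if (*p != ' ' && (p[1] == ' ' || p[1] == '\0') &&
		    __builtin_add_overflow(n, 1, &n))
			return -EOVERFLOW;
	if (__builtin_mul_overflow(n, sizeof(char *), size_out) ||
	    __builtin_add_overflow(*size_out, strlen(s) + 1, size_out))
		return -EOVERFLOW;
	return n;
}

/* Constructed input: `tokens` copies of "a ", like the PoC's generator. */
static char *fill_line(char *buf, size_t tokens)
{
	for (size_t i = 0; i < tokens * 2; i++)
		buf[i] = (i % 2 == 0) ? 'a' : ' ';
	buf[tokens * 2] = '\0';
	return buf;
}

int main(void)
{
	static char line[2 * 65537 + 1]; /* one token past the 16-bit wrap */
	size_t size = 0;
	fill_line(line, 65537);
	printf("unchecked %u, checked %d\n", (unsigned)count_deps_unchecked(line),
	       deps_alloc_size(line, &size));
	return 0;
}
```

With the unchecked count, a second pass that stores one pointer per token would be sized for 1 entry while the line holds 65537; the checked pass rejects the line before any allocation is made.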

lucasdemarchi commented 2 weeks ago

Applied, thanks