From: Solomon Tan <wjsota@gmail.com>
To: straube.linux@gmail.com, paskripkin@gmail.com
Cc: Greg KH <gregkh@linuxfoundation.org>,
Larry Finger <Larry.Finger@lwfinger.net>,
Phillip Potter <phil@philpotter.co.uk>,
"open list:STAGING SUBSYSTEM" <linux-staging@lists.linux.dev>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [BUG] staging: r8188eu: KASAN: slab-out-of-bounds in rtw_cmd_thread
Date: Mon, 25 Apr 2022 08:37:33 +0800
Message-ID: <YmXtTeEGVDPrx9d7@ArchDesktop>
In-Reply-To: <c2296090-2e9b-fafb-35da-e01b025b53b7@gmail.com>
> > > It looks like
> > > commit 0afaa121813e ("staging: r8188eu: use in-kernel ieee channel")
> > > introduced a. See KASAN output below.
> > >
> > > That commit replaced the use of struct rtw_ieee80211_channel with struct
> > > ieee80211_channel.
> > >
> > > There are several calls to memcpy that used sizeof(struct
> > > rtw_ieee80211_channel)
> > > and now use sizeof(struct ieee80211_channel) but the sizes of these two
> > > structures are not equal.
> > >
>
> drivers/staging/r8188eu/core/rtw_cmd.c:276: memcpy() call.
>
> As Michael said, the sizes of structures do not match and the memcpy writes
> below allocated buffer.
>
Thanks Pavel.
Hi Michael, I could not find the cause of this issue, and I am afraid I
might break even more stuff if I attempt to fix it, so I have submitted
a new patch to revert my changes. Sorry for the inconvenience.
Cheers,
Solomon
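
Added example, not part of the original message and not the driver's code: the bug class discussed in this thread, where a memcpy() length is computed with sizeof() of one struct type while the buffer was sized for another. The struct layouts, field names, MAX_CH and all helper functions are hypothetical stand-ins, and the example assumes the destination is the buffer sized for the smaller type.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-ins; NOT the kernel's real struct layouts. */
struct old_chan { uint16_t hw_value; uint32_t flags; };
struct new_chan { uint32_t band; uint32_t center_freq; uint16_t hw_value;
                  uint32_t flags; int32_t max_power; };
#define MAX_CH 4 /* constructed channel count */

/* Bytes that memcpy(dst, src, n * sizeof(struct new_chan)) would write past
 * a destination that still holds n elements of struct old_chan. */
size_t overrun_bytes(size_t n)
{
    size_t want = n * sizeof(struct new_chan);
    size_t have = n * sizeof(struct old_chan);
    return want > have ? want - have : 0;
}

/* memcpy that knows the destination capacity and refuses to exceed it. */
int copy_checked(void *dst, size_t dst_size, const void *src, size_t len)
{
    if (len > dst_size)
        return -1;
    memcpy(dst, src, len);
    return 0;
}

/* Element-wise conversion: the copy that stays correct when types differ. */
int convert_channels(struct old_chan *dst, size_t dst_n,
                     const struct new_chan *src, size_t src_n)
{
    if (src_n > dst_n)
        return -1;
    for (size_t i = 0; i < src_n; i++) {
        dst[i].hw_value = src[i].hw_value;
        dst[i].flags = src[i].flags;
    }
    return 0;
}

int main(void)
{
    struct new_chan src[MAX_CH] = { { 0, 2412, 1, 0x10, 20 } }; /* constructed */
    struct old_chan dst[MAX_CH];
    printf("raw memcpy overrun: %zu bytes\n", overrun_bytes(MAX_CH));
    printf("checked copy: %d\n", copy_checked(dst, sizeof(dst), src, sizeof(src)));
    return convert_channels(dst, MAX_CH, src, MAX_CH);
}
```

When a type is swapped for one of a different size, every sizeof() used as a copy length, and every allocation sized for the old type, has to be audited together.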