linux - NXP/Freescale LSDK linux tree with Scalys patches

diff options

author	Alexei Starovoitov <ast@plumgrid.com>	2015-09-08 20:40:01 (GMT)
committer	David S. Miller <davem@davemloft.net>	2015-09-09 21:11:55 (GMT)
commit	687f07156b0c99205c21aa4e2986564046d342fe (patch)
tree	668c2682acff45a945833a56f80f8282a98ae8fd /drivers/net/dsa/bcm_sf2.h
parent	6b9ea5a64ed5eeb3f68f2e6fcce0ed1179801d1e (diff)
download	linux-687f07156b0c99205c21aa4e2986564046d342fe.tar.xz

bpf: fix out of bounds access in verifier log

when the verifier log is enabled the print_bpf_insn() is doing bpf_alu_string[BPF_OP(insn->code) >> 4] and bpf_jmp_string[BPF_OP(insn->code) >> 4] where BPF_OP is a 4-bit instruction opcode. Malformed insns can cause out of bounds access. Fix it by sizing arrays appropriately. The bug was found by clang address sanitizer with libfuzzer. Reported-by: Yonghong Song <yhs@plumgrid.com> Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'drivers/net/dsa/bcm_sf2.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: