summaryrefslogtreecommitdiffstats
path: root/arch/m68k/lib
diff options
context:
space:
mode:
authorVineet Gupta <vgupta@synopsys.com>2021-04-23 12:16:25 -0700
committerVineet Gupta <vgupta@synopsys.com>2021-05-10 12:38:59 -0700
commit3433adc8bd09fc9f29b8baddf33b4ecd1ecd2cdc (patch)
tree76a2d371c15467b0232ad70e6addcba85dddcac1 /arch/m68k/lib
parent8e97bf39fa0361af3e64739b3766992b9dafa11d (diff)
downloadlinux-3433adc8bd09fc9f29b8baddf33b4ecd1ecd2cdc.tar.gz
linux-3433adc8bd09fc9f29b8baddf33b4ecd1ecd2cdc.tar.bz2
linux-3433adc8bd09fc9f29b8baddf33b4ecd1ecd2cdc.zip
ARC: entry: fix off-by-one error in syscall number validation
We have NR_syscall syscalls from [0 .. NR_syscall-1]. However the check for invalid syscall number is "> NR_syscall" as opposed to >=. This off-by-one error erronesously allows "NR_syscall" to be treated as valid syscall causeing out-of-bounds access into syscall-call table ensuing a crash (holes within syscall table have a invalid-entry handler but this is beyond the array implementing the table). This problem showed up on v5.6 kernel when testing glibc 2.33 (v5.10 kernel capable, includng faccessat2 syscall 439). The v5.6 kernel has NR_syscalls=439 (0 to 438). Due to the bug, 439 passed by glibc was not handled as -ENOSYS but processed leading to a crash. Link: https://github.com/foss-for-synopsys-dwc-arc-processors/linux/issues/48 Reported-by: Shahab Vahedi <shahab@synopsys.com> Cc: <stable@vger.kernel.org> Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Diffstat (limited to 'arch/m68k/lib')
0 files changed, 0 insertions, 0 deletions