Re: [PATCH resend] vgacon: fix a UAF in do_update_region()

2020-10-20 Thread Yang Yingliang
C reproducer: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) {     if (a

[PATCH resend] vgacon: fix a UAF in do_update_region()

2020-10-20 Thread Yang Yingliang
I got a UAF report in do_update_region() when I was doing a fuzz test.

[ 51.161905] BUG: KASAN: use-after-free in do_update_region+0x579/0x600
[ 51.161918] Read of size 2 at addr 88800010 by task test/295
[ 51.161957] CPU: 2 PID: 295 Comm: test Not tainted 5.7.0+ #975
[ 51.161969] Hard