Re: [PATCH net] bpf: fix out of bounds access in verifier log

2015-09-09 Thread David Miller
From: Alexei Starovoitov
Date: Tue, 8 Sep 2015 13:40:01 -0700

> when the verifier log is enabled the print_bpf_insn() is doing
> bpf_alu_string[BPF_OP(insn->code) >> 4]
> and
> bpf_jmp_string[BPF_OP(insn->code) >> 4]
> where BPF_OP is a 4-bit instruction opcode.
> Malformed insns can cause out o

Re: [PATCH net] bpf: fix out of bounds access in verifier log

2015-09-08 Thread Daniel Borkmann
On 09/08/2015 10:40 PM, Alexei Starovoitov wrote:
> when the verifier log is enabled the print_bpf_insn() is doing
> bpf_alu_string[BPF_OP(insn->code) >> 4]
> and
> bpf_jmp_string[BPF_OP(insn->code) >> 4]
> where BPF_OP is a 4-bit instruction opcode.
> Malformed insns can cause out of bounds access.
> Fix it b

[PATCH net] bpf: fix out of bounds access in verifier log

2015-09-08 Thread Alexei Starovoitov
when the verifier log is enabled the print_bpf_insn() is doing
bpf_alu_string[BPF_OP(insn->code) >> 4]
and
bpf_jmp_string[BPF_OP(insn->code) >> 4]
where BPF_OP is a 4-bit instruction opcode.
Malformed insns can cause out of bounds access.
Fix it by sizing arrays appropriately.
The bug was found by