mirror of
https://github.com/torvalds/linux
synced 2024-09-21 11:38:48 +00:00
ac7f1061c2
Current code does: if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2) However sscanf() is broken garbage. It silently accepts whitespace between format specifiers (did you know that?). It silently accepts valid strings which result in integer overflow. Do not use sscanf() for any even remotely reliable parsing code. OK # readlink '/proc/1/map_files/55a23af39000-55a23b05b000' /lib/systemd/systemd broken # readlink '/proc/1/map_files/ 55a23af39000-55a23b05b000' /lib/systemd/systemd broken # readlink '/proc/1/map_files/55a23af39000-55a23b05b000 ' /lib/systemd/systemd very broken # readlink '/proc/1/map_files/1000000000000000055a23af39000-55a23b05b000' /lib/systemd/systemd Andrei said: : This patch breaks criu. It was a bug in criu. And this bug is on a minor : path, which works when memfd_create() isn't available. It is a reason why : I ask to not backport this patch to stable kernels. : : In CRIU this bug can be triggered, only if this patch will be backported : to a kernel which version is lower than v3.16. Link: http://lkml.kernel.org/r/20171120212706.GA14325@avx2 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Pavel Emelyanov <xemul@openvz.org> Cc: Andrei Vagin <avagin@virtuozzo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|---|---|---|
| .. | ||
| array.c | ||
| base.c | ||
| cmdline.c | ||
| consoles.c | ||
| cpuinfo.c | ||
| devices.c | ||
| fd.c | ||
| fd.h | ||
| generic.c | ||
| inode.c | ||
| internal.h | ||
| interrupts.c | ||
| Kconfig | ||
| kcore.c | ||
| kmsg.c | ||
| loadavg.c | ||
| Makefile | ||
| meminfo.c | ||
| namespaces.c | ||
| nommu.c | ||
| page.c | ||
| proc_net.c | ||
| proc_sysctl.c | ||
| proc_tty.c | ||
| root.c | ||
| self.c | ||
| softirqs.c | ||
| stat.c | ||
| task_mmu.c | ||
| task_nommu.c | ||
| thread_self.c | ||
| uptime.c | ||
| util.c | ||
| version.c | ||
| vmcore.c | ||