Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 30 Jan 2003 14:01:29 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 30 Jan 2003 14:01:29 -0500 Received: from air-2.osdl.org ([65.172.181.6]:25290 "EHLO mail.osdl.org") by vger.kernel.org with ESMTP id ; Thu, 30 Jan 2003 14:01:27 -0500 Date: Thu, 30 Jan 2003 11:03:59 -0800 (PST) From: "Randy.Dunlap" X-X-Sender: To: Yichen Xie cc: , Subject: Re: [CHECKER] 87 potential array bounds error/buffer overruns in 2.5.53 In-Reply-To: <000001c2c5a4$5c4465d0$09830c80@stanfordja31z2> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org URL for original email: http://www.lkml.org/archive/2003/1/26/98/index.html | Attached are 87 potential buffer overruns in 2.5.53. Most arise from | improper bounds checks, and some might be security holes where the array | index comes from an untrusted source (e.g. copy_from_user). In the bug | report, "len" refers to the length of the array or buffer being | accessed, and "off" refers to the offset/index that is being used to | access it. (off >= len) corresponds to a buffer overrun, while (off < 0) | signals an underrun. Here is a summary report of patches for these reported problems. I suggest that we ask the kernel-janitors project to try to finish this off. --------------------------------------------------------- # Summary for # buffer-specific errors = 87 # /dev/null-specific errors = 0 # Common errors = 0 # Total = 87 # BUGs | File Name These reported errors are fixed (pending, not merged): 1 | /scsi/aic79xx_pci.c 1 | /input/sunkbd.c 9 | /scsi/aachba.c 4 | /i386/numa.c 3 | /drivers/DAC960.c 3 | /drivers/ibmphp_pci.c 2 | /net/qos.c 2 | /hardware/diva.c 2 | /ftape/ftape-read.c 1 | /drivers/dpt_i2o.c 1 | /drivers/cciss.c 1 | /message/i2o_core.c 1 | /char/rioroute.c 1 | /net/af_bluetooth.c 1 | /drivers/cpqphp_pci.c 1 | /net/scc.c 1 | /sound/dev_table.c 2 | /drivers/specialix.c 1 | /dvb/av7110.c 1 | /media/bttv-cards.c 1 | /drivers/ll_rw_blk.c 1 | /net/rtnetlink.c 1 | /net/orinoco.c 1 | /drivers/riscom8.c 1 | /drivers/i82092.c 1 | /net/smc-ircc.c 1 | /fs/devfs/base.c 1 | /drivers/cpqfcTSworker.c 1 | /drivers/3c59x.c 1 | /drivers/sx.c These (potential) reported errors are unfixed: 1 | /char/riocmd.c 1 | /char/rioboot.c 1 | /sound/sb_card.c 3 | /video/init301.c 1 | /video/sis_main.c 1 | /video/sis/init.c 1 | /message/mptbase.c 1 | /isdn/isdn_common.c 1 | /hardware/os_4bri.c 2 | /net/skxmac2.c 2 | /drivers/psi240i.c 2 | /drivers/eexpress.c 3 | /message/i2o_block.c 2 | /drivers/tg3.c 1 | /net/3c359.c 1 | /drivers/qlogicfc.c 1 | /media/msp3400.c 1 | /drivers/cdrom.c 1 | /media/radio-terratec.c 1 | /fs/cifssmb.c 1 | /ide/siimage.c These reported problems aren't errors: 1 | /usb/ohci-hub.c 1 | /drivers/ide-probe.c 5 | /char/i2cmd.c 1 | /fs/xfs_bmap_btree.c These are already changed/modified/different from the reported problems. 1 | /cpu/powernow-k6.c ### -- ~Randy - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/