MIME-Version: 1.0
In-Reply-To: <Pine.LNX.4.44L0.1709211156570.1299-100000@iolanthe.rowland.org>
References: <CAAeHK+xiFr1RW+HkoFhnypcgsnp6DgwzwVZ1pzQdzHeYZU+N5A@mail.gmail.com>
 <Pine.LNX.4.44L0.1709211156570.1299-100000@iolanthe.rowland.org>
From: Andrey Konovalov <andreyknvl@google.com>
Date: Thu, 21 Sep 2017 19:16:22 +0200
Message-ID: <CAAeHK+wPALJHKsqK2+faw5t2A1xYjd1qUmedhg=P+m48w4JBag@mail.gmail.com>
Subject: Re: usb/storage/uas: slab-out-of-bounds in uas_probe
To: Alan Stern <stern@rowland.harvard.edu>
Cc: Oliver Neukum <oneukum@suse.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        USB list <linux-usb@vger.kernel.org>, linux-scsi@vger.kernel.org,
        usb-storage@lists.one-eyed-alien.net,
        LKML <linux-kernel@vger.kernel.org>,
        Dmitry Vyukov <dvyukov@google.com>, Kostya Serebryany <kcc@google.com>,
        syzkaller <syzkaller@googlegroups.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 687
Lines: 21

On Thu, Sep 21, 2017 at 6:50 PM, Alan Stern <stern@rowland.harvard.edu> wrote:
> On Thu, 21 Sep 2017, Andrey Konovalov wrote:
>
>> Hi!
>>
>> I've got the following report while fuzzing the kernel with syzkaller.
>>
>> On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
>>
>> The issue occurs when we iterate over interface altsettings, but I
>> don't see the driver doing anything wrong. I might be missing
>> something, or this might be an issue in USB core altsettings parsing.
>
> My guess is the latter, although I can't see what is going wrong.  Can
> you provide the code that does this?

I did, see the previous email (replying in case you missed it).

>
> Alan Stern
>