Bug 197371 - Possible access to unintended variable in "kernel/sysctl.c" line 1339
Status: NEW
Alias: None
Product: Other
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 enhancement
Assignee: other_other
Reported: 2017-10-24 10:59 UTC by Petru-Florin Mihancea
Modified: 2018-03-24 20:57 UTC
Kernel Version: Master branch
Regression: No


Description Petru-Florin Mihancea 2017-10-24 10:59:02 UTC
While experimenting with a CodeSonar plugin we develop, we noticed a
potential inconsistency in file "kernel/sysctl.c" line 1339, initialization of "vm_table" array.

{
    .procname	= "dirtytime_expire_seconds",
    .data	= &dirtytime_expire_interval,
    .maxlen	= sizeof(dirty_expire_interval), //HERE
    .mode	= 0644,
    .proc_handler = dirtytime_interval_handler,
    .extra1	= &zero,
},

Shouldn't "dirtytime_expire_interval" be used instead of "dirty_expire_interval"? Yes, it looks harmless because the variables have the same type. However, the real intention looks to be the usage of sizeof(dirtytime_expire_interval).

Thanks,
Petru Mihancea
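
Added example (not part of the report, the CodeSonar plugin or the kernel tree): a small Python check that flags ctl_table entries whose .maxlen takes sizeof() of a different object than .data points to. The sample table is constructed, "example_ratio" is a hypothetical entry, and the name find_mismatches is an assumption of this sketch.

```python
import re

# Constructed sample: the entry quoted in the report plus one hypothetical
# entry (example_ratio) written for this example, not copied from the kernel.
SAMPLE = r'''
static struct ctl_table vm_table[] = {
    {
        .procname = "example_ratio",
        .data     = &example_ratio,
        .maxlen   = sizeof(int),
        .mode     = 0644,
    },
    {
        .procname = "dirtytime_expire_seconds",
        .data     = &dirtytime_expire_interval,
        .maxlen   = sizeof(dirty_expire_interval), //HERE
        .mode     = 0644,
        .proc_handler = dirtytime_interval_handler,
        .extra1   = &zero,
    },
};
'''

COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)   # C and C++ style comments
ENTRY_RE = re.compile(r"\{([^{}]*)\}")                 # innermost { ... } initializers
FIELD_RE = re.compile(r"\.(\w+)\s*=\s*([^,\n]+)")      # designated initializers
SIZEOF_RE = re.compile(r"sizeof\s*\(\s*(.+?)\s*\)$")
# sizeof(<type>) cannot be compared against a variable name, so it is skipped.
TYPE_WORDS = {"int", "long", "unsigned", "signed", "short", "char", "struct"}

def find_mismatches(source):
    """Return (procname, data_object, sizeof_operand) for each inconsistent entry."""
    findings = []
    for entry in ENTRY_RE.finditer(COMMENT_RE.sub("", source)):
        fields = {k: v.strip() for k, v in FIELD_RE.findall(entry.group(1))}
        data, maxlen = fields.get("data"), fields.get("maxlen")
        m = SIZEOF_RE.match(maxlen or "")
        if not data or m is None:
            continue                      # no .data, or .maxlen is not a sizeof()
        operand = m.group(1)
        if operand.split()[0] in TYPE_WORDS:
            continue                      # sizeof(type): nothing to compare
        target = data.lstrip("&").strip()
        if operand != target:
            findings.append((fields.get("procname", "?").strip('"'), target, operand))
    return findings
```
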
Comment 1 Randy Dunlap 2018-03-24 20:57:29 UTC
Patch posted to linux-kernel mailing list on 2018-03-23 and Cc-ed to Petru.
BTW, you could have just posted a patch for this.
