Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Dec 2017 12:09:50 +0300
From: Dan Carpenter <>
To: Greg KH <>
Cc: at zhou <>,,,,,,
Subject: Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1

On Thu, Dec 07, 2017 at 12:17:18PM +0100, Greg KH wrote:
> On Thu, Dec 07, 2017 at 06:01:43PM +0800, at zhou wrote:
> > Hi all,
> > 
> > credit   to   L5@...vulcan team
> > 
> > I fuzzed the linux kernel and find signed integer overflow on linux
> > 4.15.0-rc1+.
> > the crash log can see below, the .config and the poc file ,please see the
> > attachments.
> Odd, doesn't seem to affect a 4.9 or 4.15-rc2 kernel here on my
> machines, is there something specific in the .config that might be
> triggering this?

Greg, you're running with UBSAN?

I've always wondered how UBSAN was going to work because there are *so*
many harmless integer overflows in the kernel.  That's my main challenge
with trying to use static analysis for integer overflows.

dan carpenter

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ