[ovs-dev] [PATCH] NSH: Fix NSH-related length macros that cause stack overflow

Ben Pfaff blp at ovn.org
Fri Oct 26 22:05:45 UTC 2018


On Fri, Oct 26, 2018 at 02:55:55PM -0700, Ben Pfaff wrote:
> On Thu, Oct 25, 2018 at 02:41:50PM -0700, Yifeng Sun wrote:
> > In the filed of ver_flags_ttl_len of struct nshhdr, there are only 6
> > bits that are used to indicate header's total length in 4-byte words.
> > Therefore, the max value for total is 252 (63x4), instead of 256 used
> > in present code base. This patch fixes it.
> > 
> > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10855
> > Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
> 
> Thanks for the patch and the bug fix.
> 
> Would you mind adding a few words to the commit message that explains
> how this can lead to stack overflow?

Oops, I accidentally applied this anyway.  Never mind on the commit
message update.


More information about the dev mailing list