mirror of
https://github.com/linux-apfs/apfstests.git
synced 2026-05-01 15:01:44 -07:00
Darrick J. Wong
e6897e32b8
XFS had a use-after-free bug when xfs_xattr_put_listent runs out of listxattr buffer space while trying to store the name "system.posix_acl_access" and then corrupts memory by not checking the seen_enough state and then trying to shove "trusted.SGI_ACL_FILE" into the buffer as well. In order to tickle the bug in a user visible way we must have already put a name in the buffer, so we take advantage of the fact that "security.evm" sorts before "system.posix_acl_access" to make sure this happens. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eryu Guan <guaneryu@gmail.com> Signed-off-by: Eryu Guan <guaneryu@gmail.com>
3 lines
66 B
Plaintext
3 lines
66 B
Plaintext
QA output created by 529
|
|
list attr: Numerical result out of range
|