[LTP] [PATCH v3] Fix use after stack unwind in fzsync lib

Martin Doucha mdoucha@suse.cz
Fri Mar 27 09:42:44 CET 2020


On 26. 03. 20 21:41, Petr Vorel wrote:
> Hi Martin,
> 
>> tst_fzsync_pair_reset() passes a local variable to thread B which may be
>> already unwound by the time the thread wrapper function executes. If new
>> variables get allocated and initialized on stack between pthread_create()
>> and thread wrapper execution, thread B will segfault.
> 
> I naively assumed this would fix SIGKILL signal for CVE-2018-1000199 test,
> but it didn't.

No, the fuzzysync fix is unrelated to the CVE-2018-1000199 test. I ran
into mysterious segfaults while writing a test for CVE-2018-18559 which
I haven't finished yet.

-- 
Martin Doucha   mdoucha@suse.cz
QA Engineer for Software Maintenance
SUSE LINUX, s.r.o.
CORSO IIa
Krizikova 148/34
186 00 Prague 8
Czech Republic
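The bug the quoted commit message describes is the classic race of handing pthread_create() a pointer to a local variable and then returning from the function that owns that stack frame. The following is an added illustration, not LTP's fzsync code: the names worker_ctx, worker_arg, start_worker and run_demo are invented for this example. It sketches the unsafe pattern in a comment and implements the safe one, where the thread argument lives in caller-owned memory whose lifetime covers pthread_join().

```c
#include <pthread.h>
#include <stdint.h>
#include <string.h>

/* Argument handed to the thread wrapper (hypothetical names for this example). */
struct worker_arg {
    void *(*func)(void *);   /* the caller's thread body */
    void *data;              /* its argument */
};

/* Long-lived context owned by the caller. The thread argument is embedded
 * here, so it stays valid for the thread's whole lifetime, unlike a local
 * variable of the function that called pthread_create(). */
struct worker_ctx {
    pthread_t thread;
    struct worker_arg arg;   /* NOT a stack local of start_worker() */
    long result;
};

static void *worker_wrapper(void *p)
{
    struct worker_arg *arg = p;
    /* arg points into the caller's struct worker_ctx, which is still alive. */
    return arg->func(arg->data);
}

/* Unsafe pattern (the bug described in the patch), shown only as a sketch:
 *
 *   static void start_worker_buggy(struct worker_ctx *ctx, ...)
 *   {
 *       struct worker_arg arg = { func, data };   // stack local
 *       pthread_create(&ctx->thread, NULL, worker_wrapper, &arg);
 *   }   // returns: 'arg' is dead, but the new thread may not have run yet
 *
 * Whether the thread then reads garbage depends on scheduling and on what
 * the caller pushes onto the stack next, which is why such crashes are
 * intermittent and hard to reproduce.
 */

/* Safe pattern: store the argument in caller-owned memory that outlives
 * the thread, then pass a pointer to that storage. */
static int start_worker(struct worker_ctx *ctx, void *(*func)(void *), void *data)
{
    ctx->arg.func = func;
    ctx->arg.data = data;
    return pthread_create(&ctx->thread, NULL, worker_wrapper, &ctx->arg);
}

static long join_worker(struct worker_ctx *ctx)
{
    void *ret = NULL;
    pthread_join(ctx->thread, &ret);
    ctx->result = (long)(intptr_t)ret;
    return ctx->result;
}

/* Sample thread body: sums a constructed array passed through 'data'. */
struct sum_input { const int *vals; size_t n; };

static void *sum_body(void *p)
{
    struct sum_input *in = p;
    long s = 0;
    for (size_t i = 0; i < in->n; i++)
        s += in->vals[i];
    return (void *)(intptr_t)s;
}

/* Demo entry point: runs the safe pattern on constructed input and returns
 * the sum computed by the worker thread. 'in' and 'ctx' are locals here,
 * which is fine only because this function joins the thread before it
 * returns, so their lifetime covers the thread's entire execution. */
long run_demo(void)
{
    static const int vals[] = { 1, 2, 3, 4, 5 };   /* constructed input */
    struct sum_input in = { vals, 5 };
    struct worker_ctx ctx;
    memset(&ctx, 0, sizeof(ctx));
    if (start_worker(&ctx, sum_body, &in))
        return -1;
    return join_worker(&ctx);   /* 15 for the constructed input */
}
```

The general rule the example encodes: anything whose address is passed to pthread_create() must stay valid until the new thread has finished using it, either by living in a structure the creator owns for at least as long as the thread, or by having the creator wait for an explicit handshake before letting the storage go out of scope.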

