Faults in Linux 3.x : Using value from get_user without check as array index

As part of my work, I need to annotate  the reports generated using Coccinelle Scripts as bugs/FPs for recent Linux Kernels, recent as in versions > 3.0 till the current one 3.18.

As I’m reading the reports (newer ones), so today I completed Linux_get.new.org.

Continue reading

#array-indices, #bugs, #coccinelle, #coccinelle-scripts, #faults, #get_user, #linux-kernel, #linux-kernels

Faults in Linux Kernel 3.x : Unchecked value from copy_from_user used as loop index

As part of my work, I need to annotate  the reports generated using Coccinelle Scripts as bugs/FPs for recent Linux Kernels, recent as in versions > 3.0 till the current one 3.18.

So while reading the reports (newer ones) I first completed Linux_copy.new.org.

Continue reading

#array-indices, #bugs, #coccienlle, #coccinelle-scripts, #faults, #linux-kernel-bugs, #linux-kernels, #programming

Faults in Linux: Using value taken from user as array bounds without check

As part of my project, while reading the reports, I came to know about bugs of type where unchecked values obtained from the user level are used as array indices or loop bounds..  These were less in the versions 2.4.x and 2.6.x. I was also required to list FPs (false positives) by Coccinelle. This post is be about the mentioned type.

You can view the complete report as a PDF here and as a HTML file here.

Continue reading

#array-bounds, #array-indices, #coccinelle, #false-positives