[Bug 202326] libteken assert() fail and result in kernel panic

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Aug 14 16:22:19 UTC 2015


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202326

            Bug ID: 202326
           Summary: libteken assert() fail and result in kernel panic
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: kcwu at csie.org

Created attachment 159862
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159862&action=edit
test cases

Because syscons (a kernel driver) uses libteken, an assertion failure in
libteken would result in kernel panic.

Please see the attach files.
To reproduce:
1. switch to console
2. cat teken-*
-> kernel panic

teken-104 could trigger assert() fail in teken.c line 104.
teken-106 for line 106, and so on.

Depends on terminal state, not all of them always trigger panics. To reproduce
the assertions reliably, you can feed those files to teken_input() directly
like src/sys/teken/stress/teken_stress.c does.


This is very low risk. However, this may be used for DoS attack by combining
other flaws.

This issue is found by afl-fuzz

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the freebsd-bugs mailing list