| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <11739388-1f97-4dd1-91e7-c2b0becfb75e@gmail.com>
Date: Sat, 4 Nov 2023 18:28:39 +0530
From: Bragatheswaran Manickavel <bragathemanick0908@...il.com>
To: reiserfs-devel@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
syzbot+e5bb9eb00a5a5ed2a9a2@...kaller.appspotmail.com
Subject: Re: [PATCH] reiserfs: UBSAN: array-index-out-of-bounds in
direntry_create_vi
On 26/10/23 18:26, Bragatheswaran Manickavel wrote:
> deh defined as an array of type __u16[], and issue is
> triggered when it's trying to access an element at
> index 1, which is out of bounds because the array
> has only one element at index 0.
>
> Reported-by: syzbot+e5bb9eb00a5a5ed2a9a2@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=e5bb9eb00a5a5ed2a9a2
> Signed-off-by: Bragatheswaran Manickavel <bragathemanick0908@...il.com>
> ---
> fs/reiserfs/item_ops.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/reiserfs/item_ops.c b/fs/reiserfs/item_ops.c
> index 3a5a752d96c7..ccf547c5e8e1 100644
> --- a/fs/reiserfs/item_ops.c
> +++ b/fs/reiserfs/item_ops.c
> @@ -484,7 +484,7 @@ static int direntry_create_vi(struct virtual_node *vn,
> vn->vn_mode);
> dir_u->entry_sizes[i] =
> (j ? deh_location(&deh[j - 1]) : ih_item_len(vi->vi_ih)) -
> - deh_location(&deh[j]) + DEH_SIZE;
> + deh_location(&deh[j - 1]) + DEH_SIZE;
> }
>
> size += (dir_u->entry_count * sizeof(short));
Could someone help in reviewing the changes. I see reiserfs was marked with
obsolete but still wanted to know whether this patch is correct and can be
taken (if possible)
Thanks,
Bragathe
Powered by blists - more mailing lists