| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 31 Dec 2023 09:14:11 +0800 From: Gao Xiang <hsiangkao@...ux.alibaba.com> To: Edward Adam Davis <eadavis@...com>, syzbot+6c746eea496f34b3161d@...kaller.appspotmail.com Cc: chao@...nel.org, huyue2@...lpad.com, jefflexu@...ux.alibaba.com, linux-erofs@...ts.ozlabs.org, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com, xiang@...nel.org Subject: Re: [PATCH] erofs: fix uninit-value in z_erofs_lz4_decompress On 2023/12/29 19:09, Edward Adam Davis wrote: > When LZ4 decompression fails, the number of bytes read from out should be > inputsize plus the returned overflow value ret. > > Reported-and-tested-by: syzbot+6c746eea496f34b3161d@...kaller.appspotmail.com > Signed-off-by: Edward Adam Davis <eadavis@...com> > --- > fs/erofs/decompressor.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/erofs/decompressor.c b/fs/erofs/decompressor.c > index 021be5feb1bc..8ac3f96676c4 100644 > --- a/fs/erofs/decompressor.c > +++ b/fs/erofs/decompressor.c > @@ -250,7 +250,8 @@ static int z_erofs_lz4_decompress_mem(struct z_erofs_lz4_decompress_ctx *ctx, > print_hex_dump(KERN_DEBUG, "[ in]: ", DUMP_PREFIX_OFFSET, > 16, 1, src + inputmargin, rq->inputsize, true); > print_hex_dump(KERN_DEBUG, "[out]: ", DUMP_PREFIX_OFFSET, > - 16, 1, out, rq->outputsize, true); > + 16, 1, out, (ret < 0 && rq->inputsize > 0) ? > + (ret + rq->inputsize) : rq->outputsize, true); It's incorrect since output decompressed buffer has no relationship with `rq->inputsize` and `ret + rq->inputsize` is meaningless too. Also, the issue was already fixed by avoiding debugging messages as https://lore.kernel.org/r/20231227151903.2900413-1-hsiangkao@linux.alibaba.com Thanks, Gao Xiang
Powered by blists - more mailing lists