| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_3D4E4FB18DDDA5988DE9920ADDDFDD859907@qq.com> Date: Tue, 30 Jul 2024 12:10:19 +0800 From: Edward Adam Davis <eadavis@...com> To: syzbot+05d7520be047c9be86e0@...kaller.appspotmail.com Cc: kent.overstreet@...ux.dev, linux-bcachefs@...r.kernel.org, linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com Subject: [PATCH] bcachefs: Add checks for entry's _data bytes syzbot report slab-out-of-bounds in journal_entry_dev_usage_to_text, it because vstruct_bytes(entry) smaller than sizeof(struct jset_entry_dev_usage), overflow occurs when calculating the difference in jset_entry_dev_usage_nr_types(u). Reported-by: syzbot+05d7520be047c9be86e0@...kaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=05d7520be047c9be86e0 Signed-off-by: Edward Adam Davis <eadavis@...com> --- fs/bcachefs/sb-clean.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/bcachefs/sb-clean.c b/fs/bcachefs/sb-clean.c index 47f10ab57f40..278e1a25159a 100644 --- a/fs/bcachefs/sb-clean.c +++ b/fs/bcachefs/sb-clean.c @@ -310,6 +310,9 @@ static void bch2_sb_clean_to_text(struct printbuf *out, struct bch_sb *sb, !entry->u64s) continue; + if (vstruct_bytes(entry) < sizeof(struct jset_entry_dev_usage)) + continue; + bch2_journal_entry_to_text(out, NULL, entry); prt_newline(out); } -- 2.43.0
Powered by blists - more mailing lists