| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_8D66803C29363A97EC36024BCE7451774309@qq.com>
Date: Wed, 31 Jul 2024 09:41:18 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+05d7520be047c9be86e0@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [bcachefs?] KASAN: slab-out-of-bounds Read in journal_entry_dev_usage_to_text
entry data bytes too small
#syz test: upstream 1722389b0d86
diff --git a/fs/bcachefs/bcachefs_format.h b/fs/bcachefs/bcachefs_format.h
index e3b1bde489c3..d536da101e89 100644
--- a/fs/bcachefs/bcachefs_format.h
+++ b/fs/bcachefs/bcachefs_format.h
@@ -1252,6 +1252,11 @@ struct jset_entry_dev_usage {
static inline unsigned jset_entry_dev_usage_nr_types(struct jset_entry_dev_usage *u)
{
+ if (vstruct_bytes(&u->entry) < sizeof(struct jset_entry_dev_usage)) {
+ pr_info("entry data bytes %u is too small", vstruct_bytes(&u->entry));
+ return 0;
+ }
+
return (vstruct_bytes(&u->entry) - sizeof(struct jset_entry_dev_usage)) /
sizeof(struct jset_entry_dev_usage_type);
}
--
2.43.0
Powered by blists - more mailing lists