| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_152025FEBA06BB5533C69ED71B124BA11B08@qq.com> Date: Tue, 20 Aug 2024 19:19:57 +0800 From: Edward Adam Davis <eadavis@...com> To: syzbot+5a64828fcc4c2ad9b04f@...kaller.appspotmail.com Cc: jlbec@...lplan.org, joseph.qi@...ux.alibaba.com, linux-kernel@...r.kernel.org, mark@...heh.com, ocfs2-devel@...ts.linux.dev, syzkaller-bugs@...glegroups.com Subject: Re: [syzbot] [ocfs2?] general protection fault in ocfs2_prepare_dir_for_insert i_size_read(dir) too big, make limit overflow, cause last_de uninit. #syz test: upstream b0da640826ba diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c index d620d4c53c6f..c308dba6d213 100644 --- a/fs/ocfs2/dir.c +++ b/fs/ocfs2/dir.c @@ -3343,6 +3343,8 @@ static int ocfs2_find_dir_space_id(struct inode *dir, struct buffer_head *di_bh, unsigned long offset = 0; unsigned int rec_len, new_rec_len, free_space; + if (i_size_read(dir) > OCFS2_MAX_BLOCKSIZE) + return -EINVAL; /* * This calculates how many free bytes we'd have in block zero, should * this function force expansion to an extent tree.
Powered by blists - more mailing lists