| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <675825a6.050a0220.a30f1.01cc.GAE@google.com>
Date: Tue, 10 Dec 2024 03:27:34 -0800
From: syzbot <syzbot+2313dda4dc4885c93578@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] Re: KASAN: use-after-free Read in ocfs2_search_extent_list()
For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com.
***
Subject: Re: KASAN: use-after-free Read in ocfs2_search_extent_list()
Author: dmantipov@...dex.ru
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 7cb1b466315004af98f6ba6c2546bb713ca3c237
diff --git a/fs/ocfs2/alloc.c b/fs/ocfs2/alloc.c
index 395e23920632..841135341898 100644
--- a/fs/ocfs2/alloc.c
+++ b/fs/ocfs2/alloc.c
@@ -770,6 +770,10 @@ int ocfs2_search_extent_list(struct ocfs2_extent_list *el, u32 v_cluster)
struct ocfs2_extent_rec *rec;
u32 rec_end, rec_start, clusters;
+ /* Do not search over an invalid extent list. */
+ if (le16_to_cpu(el->l_next_free_rec) >= le16_to_cpu(el->l_count))
+ return ret;
+
for(i = 0; i < le16_to_cpu(el->l_next_free_rec); i++) {
rec = &el->l_recs[i];
Powered by blists - more mailing lists