| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251009023733.3705264-1-lizhi.xu@windriver.com>
Date: Thu, 9 Oct 2025 10:37:33 +0800
From: Lizhi Xu <lizhi.xu@...driver.com>
To: <syzbot+3a1878433bc1cb97b42a@...kaller.appspotmail.com>
CC: <almaz.alexandrovich@...agon-software.com>, <linux-kernel@...r.kernel.org>,
<ntfs3@...ts.linux.dev>, <syzkaller-bugs@...glegroups.com>
Subject: [PATCH] ntfs3: avoid memcpy size warning
There are more entries after the structure, use unsafe_memcpy() to avoid
this warning.
syzbot reported:
memcpy: detected field-spanning write (size 3656) of single field "hdr1" at fs/ntfs3/index.c:1927 (size 16)
Call Trace:
indx_insert_entry+0x1a0/0x460 fs/ntfs3/index.c:1996
ni_add_name+0x4dd/0x820 fs/ntfs3/frecord.c:2995
ni_rename+0x98/0x170 fs/ntfs3/frecord.c:3026
ntfs_rename+0xab9/0xf00 fs/ntfs3/namei.c:332
Reported-by: syzbot+3a1878433bc1cb97b42a@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3a1878433bc1cb97b42a
Signed-off-by: Lizhi Xu <lizhi.xu@...driver.com>
---
fs/ntfs3/index.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 6d1bf890929d..7157cfd70fdc 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -1924,7 +1924,8 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
* Undo critical operations.
*/
indx_mark_free(indx, ni, new_vbn >> indx->idx2vbn_bits);
- memcpy(hdr1, hdr1_saved, used1);
+ unsafe_memcpy(hdr1, hdr1_saved, used1,
+ "There are entries after the structure");
indx_write(indx, ni, n1, 0);
}
--
2.43.0
Powered by blists - more mailing lists