| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <68f29840.a70a0220.b3ac9.0032.GAE@google.com>
Date: Fri, 17 Oct 2025 12:25:52 -0700
From: syzbot <syzbot+4b717071f1eecb2972df@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org
Subject: Forwarded: UBSAN: shift-out-of-bounds in dbAllocAG (3)
For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org.
***
Subject: UBSAN: shift-out-of-bounds in dbAllocAG (3)
Author: hsukrut3@...il.com
#syz test
---
fs/jfs/jfs_dmap.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index cdfa699cd7c8..477b332763a8 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -1372,6 +1372,12 @@ dbAllocAG(struct bmap * bmp, int agno, s64 nblocks, int l2nb, s64 * results)
dcp = (struct dmapctl *) mp->data;
budmin = dcp->budmin;
+ if (unlikely(budmin < 0) {
+ jfs_err("JFS: dmapctl corruption: budmin=%d", budmin);
+ release_metapage(mp);
+ return -EIO;
+ }
+
if (dcp->leafidx != cpu_to_le32(CTLLEAFIND)) {
jfs_error(bmp->db_ipbmap->i_sb, "Corrupt dmapctl page\n");
release_metapage(mp);
--
2.43.0
Powered by blists - more mailing lists