lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <f8929047-fd9c-4a34-8c12-2ac93f85c75d@paragon-software.com>
Date: Thu, 20 Nov 2025 10:04:35 +0100
From: Konstantin Komarov <almaz.alexandrovich@...agon-software.com>
To: Lizhi Xu <lizhi.xu@...driver.com>,
	<syzbot+3a1878433bc1cb97b42a@...kaller.appspotmail.com>
CC: <linux-kernel@...r.kernel.org>, <ntfs3@...ts.linux.dev>,
	<syzkaller-bugs@...glegroups.com>
Subject: Re: [PATCH] ntfs3: avoid memcpy size warning

On 10/9/25 04:37, Lizhi Xu wrote:

> There are more entries after the structure, use unsafe_memcpy() to avoid
> this warning.
>
> syzbot reported:
> memcpy: detected field-spanning write (size 3656) of single field "hdr1" at fs/ntfs3/index.c:1927 (size 16)
> Call Trace:
>   indx_insert_entry+0x1a0/0x460 fs/ntfs3/index.c:1996
>   ni_add_name+0x4dd/0x820 fs/ntfs3/frecord.c:2995
>   ni_rename+0x98/0x170 fs/ntfs3/frecord.c:3026
>   ntfs_rename+0xab9/0xf00 fs/ntfs3/namei.c:332
>
> Reported-by: syzbot+3a1878433bc1cb97b42a@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=3a1878433bc1cb97b42a
> Signed-off-by: Lizhi Xu <lizhi.xu@...driver.com>
> ---
>   fs/ntfs3/index.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
> index 6d1bf890929d..7157cfd70fdc 100644
> --- a/fs/ntfs3/index.c
> +++ b/fs/ntfs3/index.c
> @@ -1924,7 +1924,8 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
>   		 * Undo critical operations.
>   		 */
>   		indx_mark_free(indx, ni, new_vbn >> indx->idx2vbn_bits);
> -		memcpy(hdr1, hdr1_saved, used1);
> +		unsafe_memcpy(hdr1, hdr1_saved, used1,
> +			      "There are entries after the structure");
>   		indx_write(indx, ni, n1, 0);
>   	}
>   

Thanks for the patch. Applied.

Regards,
Konstantin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ