| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADhLXY5hPspTaBkXPn1ibZrzRnkbQUqH7Du4BzutbBZU=e99aQ@mail.gmail.com> Date: Thu, 20 Nov 2025 07:06:31 +0530 From: Deepanshu Kartikey <kartikey406@...il.com> To: Heming Zhao <heming.zhao@...e.com> Cc: mark@...heh.com, jlbec@...lplan.org, joseph.qi@...ux.alibaba.com, ocfs2-devel@...ts.linux.dev, linux-kernel@...r.kernel.org, syzbot+ab0ad25088673470d2d9@...kaller.appspotmail.com Subject: Re: [PATCH v3] ocfs2: validate inline xattr size and entry count in ocfs2_xattr_ibody_list On Wed, Nov 19, 2025 at 9:06 PM Heming Zhao <heming.zhao@...e.com> wrote: > The following patch code is LGTM, but I can't understand the meaning of above > xh_cont:20041. Please show more details for the value 20041. The value 20041 is the actual corrupted xh_count from the syzbot reproducer's filesystem image. > In my view, > the sizeof(struct ocfs2_xattr_header) is 16 (by: 2+2+2+2+(4+2+2)+0) > the sizeof(struct ocfs2_xattr_entry) is 16 (by: 4+2+1+1+8). > when the inline_size is 256. > the max number of entries for inline mode: (256-16) / 16 = 15. > therefore, the xh_count of 22 (by: 15+7) corresponds to a value that is 7 > entries beyond the boundary. You're absolutely right! I made an error in my commit message - the max is 15 entries, not 7. I'll send v4 with the corrected example using xh_count of 22 as you suggested, which is clearer than the raw syzbot value of 20041. Thanks for catching this! Deepanshu
Powered by blists - more mailing lists