Commit 4b28e37b authored by Pavel Skripkin's avatar Pavel Skripkin Committed by Yifan Qiao
Browse files

jfs: fix divide error in dbNextAG 

stable inclusion
from stable-v5.10.110
commit fbd56a61ceee221feea7fc978404e8d458e948a2
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RG40
CVE: CVE-2023-52804

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fbd56a61ceee221feea7fc978404e8d458e948a2



--------------------------------

[ Upstream commit 2cc7cc01 ]

Syzbot reported divide error in dbNextAG(). The problem was in missing
validation check for malicious image.

Syzbot crafted an image with bmp->db_numag equal to 0. There wasn't any
validation checks, but dbNextAG() blindly use bmp->db_numag in divide
expression

Fix it by validating bmp->db_numag in dbMount() and return an error if
image is malicious

Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Reported-and-tested-by: default avatar <syzbot+46f5c25af73eb8330eb6@syzkaller.appspotmail.com>
Signed-off-by: default avatarPavel Skripkin <paskripkin@gmail.com>
Signed-off-by: default avatarDave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarYu Liao <liaoyu15@huawei.com>
Signed-off-by: default avatarYifan Qiao <qiaoyifan4@huawei.com>
parent 5dac66de
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment