Commit 92b08284 authored Oct 26, 2024 by Jeongjun Park Committed by Zhang Zekun Oct 26, 2024

jfs: Fix array-index-out-of-bounds in diFree

stable inclusion
from stable-v5.10.224
commit 538a27c8048f081a5ddd286f886eb986fbbc7f80
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAKQ4Y
CVE: CVE-2024-43858

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=538a27c8048f081a5ddd286f886eb986fbbc7f80



---------------------------------------------------------

[ Upstream commit f73f969b2eb39ad8056f6c7f3a295fa2f85e313a ]

Reported-by:  <syzbot+241c815bda521982cb49@syzkaller.appspotmail.com>
Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Zhang Zekun <zhangzekun11@huawei.com>

parent 96a40671

fs/jfs/jfs_imap.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -292,7 +292,7 @@ int diSync(struct inode *ipimap)
		int diRead(struct inode *ip)
		{
		struct jfs_sb_info *sbi = JFS_SBI(ip->i_sb);
		int iagno, ino, extno, rc;
		int iagno, ino, extno, rc, agno;
		struct inode *ipimap;
		struct dinode *dp;
		struct iag *iagp;
		@@ -341,8 +341,11 @@ int diRead(struct inode *ip)

		/* get the ag for the iag */
		agstart = le64_to_cpu(iagp->agstart);
		agno = BLKTOAG(agstart, JFS_SBI(ip->i_sb));

		release_metapage(mp);
		if (agno >= MAXAG \|\| agno < 0)
		return -EIO;

		rel_inode = (ino & (INOSPERPAGE - 1));
		pageno = blkno >> sbi->l2nbperpage;