Commit e4828f7d authored by Dongliang Mu, committed by Yifan Qiao

fs: jfs: fix shift-out-of-bounds in dbAllocAG

stable inclusion
from stable-v5.10.163
commit 3e997e4ce8ae7ab89d72334120f6aee49c5bbdbd
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RG40
CVE: CVE-2023-52804

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3e997e4ce8ae7ab89d72334120f6aee49c5bbdbd



--------------------------------

[ Upstream commit 898f7066 ]

Syzbot found a crash: UBSAN: shift-out-of-bounds in dbAllocAG. The
underlying bug is the missing check of bmp->db_agl2size. The field can
be greater than 64 and trigger the shift-out-of-bounds.

Fix this bug by adding a check of bmp->db_agl2size in dbMount since this
field is used in many following functions. The upper bound for this
field is L2MAXL2SIZE - L2MAXAG, thanks for the help of Dave Kleikamp.
Note that, for maintenance, I reorganized error handling code of dbMount.

Reported-by: <syzbot+15342c1aa6a00fb7a438@syzkaller.appspotmail.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Yifan Qiao <qiaoyifan4@huawei.com>
parent 4b28e37b
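
The check described in the commit message, as an added user-space illustration (not the kernel patch, whose diff this page does not show): an on-disk log2 field is bounded once at mount time so that later code can use it as a shift count. The struct, the function names, the numeric values of `L2MAXL2SIZE` and `L2MAXAG`, and the extra negative-value check are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; the page gives only the constant names. */
#define L2MAXAG     7
#define L2MAXL2SIZE 43

/* Hypothetical in-memory copy of the field the commit discusses. */
struct bmap_view {
    int32_t db_agl2size;   /* log2 of allocation-group size, read from disk */
};

/* Decode a little-endian 32-bit on-disk value (untrusted input). */
static int32_t le32_decode(const unsigned char *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)v;
}

/* Mount-time validation: reject the image before any user of the field runs.
 * The upper bound is the one named in the commit message; rejecting negative
 * values is an addition of this example. */
static int bmap_mount_check(struct bmap_view *bmp, const unsigned char *raw)
{
    bmp->db_agl2size = le32_decode(raw);
    if (bmp->db_agl2size < 0 || bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG)
        return -EINVAL;
    return 0;
}

/* Shift users: defined behaviour only after bmap_mount_check() returned 0,
 * because the shift count is then known to be below 64. */
static int64_t ag_size_blocks(const struct bmap_view *bmp)
{
    return (int64_t)1 << bmp->db_agl2size;
}

static int64_t blk_to_ag(const struct bmap_view *bmp, int64_t blkno)
{
    return blkno >> bmp->db_agl2size;
}

int main(void)
{
    /* Constructed sample images: one valid field, one corrupted (65). */
    const unsigned char good[4] = { 36, 0, 0, 0 }, bad[4] = { 65, 0, 0, 0 };
    struct bmap_view b;

    if (bmap_mount_check(&b, good) == 0)
        printf("ag size %lld, block 5 in ag %lld\n",
               (long long)ag_size_blocks(&b), (long long)blk_to_ag(&b, 5));
    printf("corrupted image: %d\n", bmap_mount_check(&b, bad));
    return 0;
}
```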