fs: jfs: fix shift-out-of-bounds in dbAllocAG (898f7066) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux · GitLab

Commit 898f7066 authored Oct 18, 2022 by

Dongliang Mu Committed by Dave Kleikamp Oct 18, 2022

fs: jfs: fix shift-out-of-bounds in dbAllocAG

Syzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The
underlying bug is the missing check of bmp->db_agl2size. The field can
be greater than 64 and trigger the shift-out-of-bounds.

Fix this bug by adding a check of bmp->db_agl2size in dbMount since this
field is used in many following functions. The upper bound for this
field is L2MAXL2SIZE - L2MAXAG, thanks for the help of Dave Kleikamp.
Note that, for maintenance, I reorganized error handling code of dbMount.

Reported-by: <syzbot+15342c1aa6a00fb7a438@syzkaller.appspotmail.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>

parent bbb8ceb5

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit d3b48694
· Jan 08, 2023

mentioned in commit d3b48694

mentioned in commit d3b486946a4e62c7ef6023f7d9c1d049051384ba

Toggle commit list

Please register or to comment