Skip to content
Commit d3b48694 authored by Dongliang Mu's avatar Dongliang Mu Committed by Greg Kroah-Hartman
Browse files

fs: jfs: fix shift-out-of-bounds in dbAllocAG 

[ Upstream commit 898f7066

 ]

Syzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The
underlying bug is the missing check of bmp->db_agl2size. The field can
be greater than 64 and trigger the shift-out-of-bounds.

Fix this bug by adding a check of bmp->db_agl2size in dbMount since this
field is used in many following functions. The upper bound for this
field is L2MAXL2SIZE - L2MAXAG, thanks for the help of Dave Kleikamp.
Note that, for maintenance, I reorganized error handling code of dbMount.

Reported-by: default avatar <syzbot+15342c1aa6a00fb7a438@syzkaller.appspotmail.com>
Signed-off-by: default avatarDongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: default avatarDave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 0f1a4899
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment