On Thu, 5 Jan 2023 at 17:45, Viacheslav Dubeyko <slava@xxxxxxxxxxx> wrote: > > On Wed, Jan 04, 2023 at 08:37:16PM -0800, Viacheslav Dubeyko wrote: > >> Also, as far as I can see, available volume in report (mount_0.gz) somehow corrupted already: > > > > Syzbot generates deliberately-corrupted (aka fuzzed) filesystem images. > > So basically, you can't trust anything you read from the disc. > > > > If the volume has been deliberately corrupted, then no guarantee that file system > driver will behave nicely. Technically speaking, inode write operation should never > happened for corrupted volume because the corruption should be detected during > b-tree node initialization time. If we would like to achieve such nice state of HFS/HFS+ > drivers, then it requires a lot of refactoring/implementation efforts. I am not sure that > it is worth to do because not so many guys really use HFS/HFS+ as the main file > system under Linux. Most popular distros will happily auto-mount HFS/HFS+ from anything inserted into USB (e.g. what one may think is a charger). This creates interesting security consequences for most Linux users. An image may also be corrupted non-deliberately, which will lead to random memory corruptions if the kernel trusts it blindly.
