Re: [PATCH] squashfs: squashfs_read_data need to check if the length is 0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> On 16/11/2023 03:13 GMT Lizhi Xu <lizhi.xu@xxxxxxxxxxxxx> wrote:
> 
>  
> when the length passed in is 0, the subsequent process should be exited.
> 

Reproduced and tested.

Reviewed-by: Phillip Lougher (phillip@xxxxxxxxxxxxxxx)

> Reported-by: syzbot+32d3767580a1ea339a81@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Lizhi Xu <lizhi.xu@xxxxxxxxxxxxx>
> ---
>  fs/squashfs/block.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/squashfs/block.c b/fs/squashfs/block.c
> index 581ce9519339..2dc730800f44 100644
> --- a/fs/squashfs/block.c
> +++ b/fs/squashfs/block.c
> @@ -321,7 +321,7 @@ int squashfs_read_data(struct super_block *sb, u64 index, int length,
>  		TRACE("Block @ 0x%llx, %scompressed size %d\n", index - 2,
>  		      compressed ? "" : "un", length);
>  	}
> -	if (length < 0 || length > output->length ||
> +	if (length <= 0 || length > output->length ||
>  			(index + length) > msblk->bytes_used) {
>  		res = -EIO;
>  		goto out;
> -- 
> 2.25.1
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux