#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master --- drivers/block/loop.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/block/loop.c b/drivers/block/loop.c index e3c0ba93c1a3..a3d9af0a2077 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -979,9 +979,15 @@ loop_set_status_from_info(struct loop_device *lo, lo->lo_offset = info->lo_offset; lo->lo_sizelimit = info->lo_sizelimit; + lo->lo_flags = info->lo_flags; + + /* loff_t/int vars are assigned __u64/__u32 vars (respectively) */ + if (lo->lo_offset < 0 || lo->lo_sizelimit < 0 || lo->lo_flags < 0) + return -EOVERFLOW; + memcpy(lo->lo_file_name, info->lo_file_name, LO_NAME_SIZE); lo->lo_file_name[LO_NAME_SIZE-1] = 0; - lo->lo_flags = info->lo_flags; + return 0; } -- 2.35.1
