This is a note to let you know that I've just added the patch titled udf: Fix uninitialized array access for some pathnames to the 4.19-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: udf-fix-uninitialized-array-access-for-some-pathname.patch and it can be found in the queue-4.19 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit bbaa7a6630c53e59fd397ac57291ce0b9a32cbd2 Author: Jan Kara <jack@xxxxxxx> Date: Wed Jun 21 11:32:35 2023 +0200 udf: Fix uninitialized array access for some pathnames [ Upstream commit 028f6055c912588e6f72722d89c30b401bbcf013 ] For filenames that begin with . and are between 2 and 5 characters long, UDF charset conversion code would read uninitialized memory in the output buffer. The only practical impact is that the name may be prepended a "unification hash" when it is not actually needed but still it is good to fix this. Reported-by: syzbot+cd311b1e43cc25f90d18@xxxxxxxxxxxxxxxxxxxxxxxxx Link: https://lore.kernel.org/all/000000000000e2638a05fe9dc8f9@xxxxxxxxxx Signed-off-by: Jan Kara <jack@xxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c index 5fcfa96463ebb..85521d6b02370 100644 --- a/fs/udf/unicode.c +++ b/fs/udf/unicode.c @@ -247,7 +247,7 @@ static int udf_name_from_CS0(struct super_block *sb, } if (translate) { - if (str_o_len <= 2 && str_o[0] == '.' && + if (str_o_len > 0 && str_o_len <= 2 && str_o[0] == '.' && (str_o_len == 1 || str_o[1] == '.')) needsCRC = 1; if (needsCRC) {