This is a note to let you know that I've just added the patch titled
zstd: Fix array-index-out-of-bounds UBSAN warning
to the 6.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
zstd-fix-array-index-out-of-bounds-ubsan-warning.patch
and it can be found in the queue-6.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 740958dc0a823f905b9790fa9e57de24633c6436
Author: Nick Terrell <terrelln@xxxxxx>
Date: Thu Oct 12 12:55:34 2023 -0700
zstd: Fix array-index-out-of-bounds UBSAN warning
[ Upstream commit 77618db346455129424fadbbaec596a09feaf3bb ]
Zstd used an array of length 1 to mean a flexible array for C89
compatibility. Switch to a C99 flexible array to fix the UBSAN warning.
Tested locally by booting the kernel and writing to and reading from a
BtrFS filesystem with zstd compression enabled. I was unable to reproduce
the issue before the fix, however it is a trivial change.
Link: https://lkml.kernel.org/r/20231012213428.1390905-1-nickrterrell@xxxxxxxxx
Reported-by: syzbot+1f2eb3e8cd123ffce499@xxxxxxxxxxxxxxxxxxxxxxxxx
Reported-by: Eric Biggers <ebiggers@xxxxxxxxxx>
Reported-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Nick Terrell <terrelln@xxxxxx>
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/lib/zstd/common/fse_decompress.c b/lib/zstd/common/fse_decompress.c
index a0d06095be83d..8dcb8ca39767c 100644
--- a/lib/zstd/common/fse_decompress.c
+++ b/lib/zstd/common/fse_decompress.c
@@ -312,7 +312,7 @@ size_t FSE_decompress_wksp(void* dst, size_t dstCapacity, const void* cSrc, size
typedef struct {
short ncount[FSE_MAX_SYMBOL_VALUE + 1];
- FSE_DTable dtable[1]; /* Dynamically sized */
+ FSE_DTable dtable[]; /* Dynamically sized */
} FSE_DecompressWksp;
