This is a note to let you know that I've just added the patch titled zstd: Fix array-index-out-of-bounds UBSAN warning to the 6.6-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: zstd-fix-array-index-out-of-bounds-ubsan-warning.patch and it can be found in the queue-6.6 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 740958dc0a823f905b9790fa9e57de24633c6436 Author: Nick Terrell <terrelln@xxxxxx> Date: Thu Oct 12 12:55:34 2023 -0700 zstd: Fix array-index-out-of-bounds UBSAN warning [ Upstream commit 77618db346455129424fadbbaec596a09feaf3bb ] Zstd used an array of length 1 to mean a flexible array for C89 compatibility. Switch to a C99 flexible array to fix the UBSAN warning. Tested locally by booting the kernel and writing to and reading from a BtrFS filesystem with zstd compression enabled. I was unable to reproduce the issue before the fix, however it is a trivial change. Link: https://lkml.kernel.org/r/20231012213428.1390905-1-nickrterrell@xxxxxxxxx Reported-by: syzbot+1f2eb3e8cd123ffce499@xxxxxxxxxxxxxxxxxxxxxxxxx Reported-by: Eric Biggers <ebiggers@xxxxxxxxxx> Reported-by: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: Nick Terrell <terrelln@xxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/lib/zstd/common/fse_decompress.c b/lib/zstd/common/fse_decompress.c index a0d06095be83d..8dcb8ca39767c 100644 --- a/lib/zstd/common/fse_decompress.c +++ b/lib/zstd/common/fse_decompress.c @@ -312,7 +312,7 @@ size_t FSE_decompress_wksp(void* dst, size_t dstCapacity, const void* cSrc, size typedef struct { short ncount[FSE_MAX_SYMBOL_VALUE + 1]; - FSE_DTable dtable[1]; /* Dynamically sized */ + FSE_DTable dtable[]; /* Dynamically sized */ } FSE_DecompressWksp;