This is a note to let you know that I've just added the patch titled
squashfs: squashfs_read_data need to check if the length is 0
to the 6.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
squashfs-squashfs_read_data-need-to-check-if-the-len.patch
and it can be found in the queue-6.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 439a32f71fecc2ab7cc398974a83252428467fe9
Author: Lizhi Xu <lizhi.xu@xxxxxxxxxxxxx>
Date: Thu Nov 16 11:13:52 2023 +0800
squashfs: squashfs_read_data need to check if the length is 0
[ Upstream commit eb66b8abae98f869c224f7c852b685ae02144564 ]
When the length passed in is 0, the pagemap_scan_test_walk() caller should
bail. This error causes at least a WARN_ON().
Link: https://lkml.kernel.org/r/20231116031352.40853-1-lizhi.xu@xxxxxxxxxxxxx
Reported-by: syzbot+32d3767580a1ea339a81@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://lkml.kernel.org/r/0000000000000526f2060a30a085@xxxxxxxxxx
Signed-off-by: Lizhi Xu <lizhi.xu@xxxxxxxxxxxxx>
Reviewed-by: Phillip Lougher <phillip@xxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/fs/squashfs/block.c b/fs/squashfs/block.c
index 581ce95193390..2dc730800f448 100644
--- a/fs/squashfs/block.c
+++ b/fs/squashfs/block.c
@@ -321,7 +321,7 @@ int squashfs_read_data(struct super_block *sb, u64 index, int length,
TRACE("Block @ 0x%llx, %scompressed size %d\n", index - 2,
compressed ? "" : "un", length);
}
- if (length < 0 || length > output->length ||
+ if (length <= 0 || length > output->length ||
(index + length) > msblk->bytes_used) {
res = -EIO;
goto out;
