Patch "jfs: array-index-out-of-bounds fix in dtReadFirst" has been added to the 6.12-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    jfs: array-index-out-of-bounds fix in dtReadFirst

to the 6.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     jfs-array-index-out-of-bounds-fix-in-dtreadfirst.patch
and it can be found in the queue-6.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 5e4b4795c340043c0989665beb3f4107f2ca0818
Author: Ghanshyam Agrawal <ghanshyam1898@xxxxxxxxx>
Date:   Sat Sep 28 14:07:22 2024 +0530

    jfs: array-index-out-of-bounds fix in dtReadFirst
    
    [ Upstream commit ca84a2c9be482836b86d780244f0357e5a778c46 ]
    
    The value of stbl can be sometimes out of bounds due
    to a bad filesystem. Added a check with appopriate return
    of error code in that case.
    
    Reported-by: syzbot+65fa06e29859e41a83f3@xxxxxxxxxxxxxxxxxxxxxxxxx
    Closes: https://syzkaller.appspot.com/bug?extid=65fa06e29859e41a83f3
    Signed-off-by: Ghanshyam Agrawal <ghanshyam1898@xxxxxxxxx>
    Signed-off-by: Dave Kleikamp <dave.kleikamp@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/jfs/jfs_dtree.c b/fs/jfs/jfs_dtree.c
index 5d3127ca68a42..69fd936fbdb37 100644
--- a/fs/jfs/jfs_dtree.c
+++ b/fs/jfs/jfs_dtree.c
@@ -3086,6 +3086,13 @@ static int dtReadFirst(struct inode *ip, struct btstack * btstack)
 
 		/* get the leftmost entry */
 		stbl = DT_GETSTBL(p);
+
+		if (stbl[0] < 0 || stbl[0] > 127) {
+			DT_PUTPAGE(mp);
+			jfs_error(ip->i_sb, "stbl[0] out of bound\n");
+			return -EIO;
+		}
+
 		xd = (pxd_t *) & p->slot[stbl[0]];
 
 		/* get the child page block address */




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux