]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e3bb0c5) | patch
jfs: fix array-index-out-of-bounds read in add_missing_indices
authorAditya Dutt <duttaditya18@gmail.com>
Tue, 1 Apr 2025 15:29:16 +0000 (20:59 +0530)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 27 Jun 2025 10:05:29 +0000 (11:05 +0100)
commit44618bee303bed151ef3a525ff79fbd7689593b5
treee2f27cc362971be90dfa03549bd8874399259bd5tree
parente3bb0c5a30719677758320371a9f075717c4c887commit | diff
jfs: fix array-index-out-of-bounds read in add_missing_indices

[ Upstream commit 5dff41a86377563f7a2b968aae00d25b4ceb37c9 ]

stbl is s8 but it must contain offsets into slot which can go from 0 to
127.

Added a bound check for that error and return -EIO if the check fails.
Also make jfs_readdir return with error if add_missing_indices returns
with an error.

Reported-by: syzbot+b974bd41515f770c608b@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com./bug?extid=b974bd41515f770c608b
Signed-off-by: Aditya Dutt <duttaditya18@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/jfs/jfs_dtree.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git