]> git.ipfire.org Git - thirdparty/util-linux.git/commitdiff
projects / thirdparty / util-linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e43105f)
libblkid: bcachefs: fix member_field_end
authorThomas Weißschuh <thomas@t-8ch.de>
Sun, 22 Jan 2023 03:36:06 +0000 (03:36 +0000)
committerThomas Weißschuh <thomas@t-8ch.de>
Sun, 22 Jan 2023 03:39:10 +0000 (03:39 +0000)
The end of this member is the start of the next one, not the start of
the current one.

libblkid/src/superblocks/bcache.c patch | blob | blame | history
tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-55318 [new file with mode: 0644] patch | blob

diff --git a/libblkid/src/superblocks/bcache.c b/libblkid/src/superblocks/bcache.c
index 24805173142746610519ae1edae08696f94b4991..b40548049696d333ee03bcce6a37029722053957 100644 (file)
--- a/libblkid/src/superblocks/bcache.c
+++ b/libblkid/src/superblocks/bcache.c
@@ -147,7 +147,7 @@ static int probe_bcache (blkid_probe pr, const struct blkid_idmag *mag)
 static unsigned char *member_field_end(
                const struct bcachefs_sb_field_members *field, size_t idx)
 {
-       return (unsigned char *) &field->members + (sizeof(*field->members) * idx);
+       return (unsigned char *) &field->members + (sizeof(*field->members) * (idx + 1));
 }
 
 static void probe_bcachefs_sb_members(blkid_probe pr,
@@ -162,7 +162,7 @@ static void probe_bcachefs_sb_members(blkid_probe pr,
        uint8_t i;
 
        if ((unsigned char *) field + BYTES(field)
-                       != member_field_end(members, bcs->nr_devices))
+                       != member_field_end(members, bcs->nr_devices - 1))
                return;
 
        if (member_field_end(members, dev_idx) > sb_end)
diff --git a/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-55318 b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-55318
new file mode 100644 (file)
index 0000000..36b07a9
Binary files /dev/null and b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-55318 differ
Unnamed repository; edit this file 'description' to name the repository.