From de437be6f92c7ee553a3760c0655749b7176243d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
Date: Sun, 22 Jan 2023 03:36:06 +0000
Subject: [PATCH] libblkid: bcachefs: fix member_field_end

The end of this member is the start of the next one, not the start of
the current one.
---
 libblkid/src/superblocks/bcache.c              |   4 ++--
 .../test_blkid_fuzz_files/oss-fuzz-55318       | Bin 0 -> 134034 bytes
 2 files changed, 2 insertions(+), 2 deletions(-)
 create mode 100644 tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-55318

diff --git a/libblkid/src/superblocks/bcache.c b/libblkid/src/superblocks/bcache.c
index 2480517314..b405480496 100644
--- a/libblkid/src/superblocks/bcache.c
+++ b/libblkid/src/superblocks/bcache.c
@@ -147,7 +147,7 @@ static int probe_bcache (blkid_probe pr, const struct blkid_idmag *mag)
 static unsigned char *member_field_end(
 		const struct bcachefs_sb_field_members *field, size_t idx)
 {
-	return (unsigned char *) &field->members + (sizeof(*field->members) * idx);
+	return (unsigned char *) &field->members + (sizeof(*field->members) * (idx + 1));
 }
 
 static void probe_bcachefs_sb_members(blkid_probe pr,
@@ -162,7 +162,7 @@ static void probe_bcachefs_sb_members(blkid_probe pr,
 	uint8_t i;
 
 	if ((unsigned char *) field + BYTES(field)
-			!= member_field_end(members, bcs->nr_devices))
+			!= member_field_end(members, bcs->nr_devices - 1))
 		return;
 
 	if (member_field_end(members, dev_idx) > sb_end)
diff --git a/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-55318 b/tests/ts/fuzzers/test_blkid_fuzz_files/oss-fuzz-55318
new file mode 100644
index 0000000000000000000000000000000000000000..36b07a99df3c987ccfb40b6406acc4225b76b877
GIT binary patch
literal 134034
zc-rmVZ)_7~0LSs?+8gUAFenR>K}dxuI)-!u0Ttp<x~Pmn*k+axlR*R%BLTO?@Iu%?
zNkj};@QtqwiH<~^jszvRi1Qy)AqHL;C7A)qAYw>_NKhke=UwmmcP*^jt-b4gKhRz8
z+CF#pyX)O^*QZw@gs5FrU)}wMfCIRQ00000aID@v&41Sv2T$$ZbhGuT?k&57S3g4V
z7>|2ACXY~25xZrSTq)ZT+donLmu$T_xTf^1tD~yx_<=(kHWnS|t~wFe+V)ZP*{(H3
zJ9q54@pkowjhkM&!+650QC_6qSJbL@iwjQ{mz-{yrVW$STfXFJ6H}&0t}mxZBblGJ
zH}m8A3$wkx!%{rPde(Gk()sFRPqrN1c6w>Y_?y=%qiay;@4Aakje7qif9&fEL`mo*
z$^%CKIb(BnztMkR_<dz`=NR4DM)zK$tF3iz?IsDAHa(r{ZCuQFWTPvo|MEoiyp8(w
z$a^UKo=NDJ68c>U{qER)moeTp<K5<#B;|U{@W}Hd{Rz`!-Yc=n?vi_WzCDxm?)HT3
zLS%*w?(ou(#%4Xx<}d#a!xKmA4J`?^EBTV{(h^0suO~{6Tspe9G1YWP+d^ZKyy}=o
zQoeV`x!<>)s{Jly`EP{Fm+xG@a3w9juD|1xLknI!ma_Z?NhFC2Ip@6|<IatPZN~(a
zH~_iekB0W;Rm!tLJ{$u8JG(&56wakwBm)2d0KlP2hyVZ_hqi7G-}h&&ZKsg5#v-)s
zL?(^CZKp2WwsWr0&7roPal<3eqiv^IZ98XVS=_W+rfq48@@ZQ-Mo0_*U~y`7;4$^~
zVbTZd4-Xl%VeKlnJbu{wyZ93RJU_89zLdQAO<T8=Z*HD1I)qDi^_BL!RAP)u?RaHa
zv`S~nM<QNMY<&D+lBoVs|7%Z^{95(B>Y){Ne*d(1iO1vsFx>4coVz2|6p#cgxN?#K
zVhj)g0D#&Kpu43W!_93RsQo;zNgp7IUHY9>yM;K~+4*#hJ~X)Qec_Rh1YQq)Haxj>
zQ*%pDY;M*boKWDAg{Z5quC1?K8?0HWzkcx7)iu%a$VtZClG^i$13IG=6Ig!=(=cS(
zQZ4N0NnWK_f9b7ZmpNo^eLmlMpRd9fPxkq~*SbBL%Ev1;^LnCsyNo;9R2X-qo;l%%
zm2g*|%&LBMQU*gq+05C|EFwVe>?_H@(e|JFcIUW#7d{iN<3jxP@tS$J_MMsaR^R?_
zdPM0-XGJlcwE+NNSAHUhXZ9hsn@DYiR)DruMg#x=!1e-R6@f*MEMB;@VqsuWc}4k>
ziba9I)T!hHdznZCfJs`30000WhYS({FqERS(hAjSE)xNeTp<xy-Ap1dTN@GBx*GRi
zuFoLn=K<LGNSiO5r?gU*W$)z=R><<zhW6EceTvf8M=Ah-3>ZfQ000000E~c_2mk<<
z<EYPLX8-_TD^yhAJfr+l9-9pS000009B+UK00000jMQX4adeD_%`9v-d1Bb669MeP
zmHtaSqy_-UgiDvm02xtkPBE1v2{v&6000000002M1cSv+nbX1?p0~NI$m#ME0UYE^
zdre(ctzRW1$+(=_^3Y#7a(T7u*M3$)mk(AHiA$~_7cC|N0KjOti2xZ?Mg#zWu_6>Q
z0067w8(_|I4{Ip^001(p+|0tpwr2P$OADL@uo#K<gurOuwEU2CI+hUufE;(jw35n_
z4a_HD08|qJ49}-T0002sY?VX+0LVV~6*2&jaS{;#0Bmjo5dZ)H0I-iAvp4GHqz?c9
zGU|t~fBK3P004lUaAgW$%*-MJIKy++nUsEo#gUSq2oR<HX#HL#FLZxFs4rx_-XR~r
zd<8@hF_Q=Y0M@G>kNBnOUYXvN{>AJ){2l-Re)|Fz;w1tg5f?21kR9gKAs?k04S*wG
zz|vZ2zX1Tq9ovZjfRoWS8vw>;^GXB&0F3AWMcaqE<le-gssZH}g)f)_0AMzm2#}e2
z9uee@!mN$iMfd=sri~U60#srEn^>EFW%2EU?{59=-(~OIt}J?C^J_~91(p(QAOm}I
z;yD|opXCk!0CKdRW3;d$37B9)(xEM9COxyH`+(8MkDvko07P)fR{%gxdm^|ZP@ewY
MZjkd-0AOAJ1K*}g6#xJL

literal 0
Hc-jL100001

-- 
2.47.3