From: Pengpeng Hou Date: Fri, 27 Mar 2026 06:19:55 +0000 (+0800) Subject: fs/ntfs3: terminate the cached volume label after UTF-8 conversion X-Git-Tag: v7.1-rc1~76^2~2 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=a6cd43fe9b083fa23fe1595666d5738856cb261a;p=thirdparty%2Fkernel%2Flinux.git fs/ntfs3: terminate the cached volume label after UTF-8 conversion ntfs_fill_super() loads the on-disk volume label with utf16s_to_utf8s() and stores the result in sbi->volume.label. The converted label is later exposed through ntfs3_label_show() using %s, but utf16s_to_utf8s() only returns the number of bytes written and does not add a trailing NUL. If the converted label fills the entire fixed buffer, ntfs3_label_show() can read past the end of sbi->volume.label while looking for a terminator. Terminate the cached label explicitly after a successful conversion and clamp the exact-full case to the last byte of the buffer. Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block") Signed-off-by: Pengpeng Hou Signed-off-by: Konstantin Komarov --- diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c index 57922edf1ae1..11027be3ee94 100644 --- a/fs/ntfs3/super.c +++ b/fs/ntfs3/super.c @@ -1339,8 +1339,13 @@ static int ntfs_fill_super(struct super_block *sb, struct fs_context *fc) le32_to_cpu(attr->res.data_size) >> 1, UTF16_LITTLE_ENDIAN, sbi->volume.label, sizeof(sbi->volume.label)); - if (err < 0) + if (err < 0) { sbi->volume.label[0] = 0; + } else if (err >= sizeof(sbi->volume.label)) { + sbi->volume.label[sizeof(sbi->volume.label) - 1] = 0; + } else { + sbi->volume.label[err] = 0; + } } else { /* Should we break mounting here? */ //err = -EINVAL;
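Review bot: In the `else if (err >= sizeof(sbi->volume.label))` branch, writing the NUL over the last byte of the buffer discards one byte of the converted label. If the label ends in a multi-byte UTF-8 character, this leaves a partial sequence for ntfs3_label_show() to print. Consider passing `sizeof(sbi->volume.label) - 1` as the output limit to utf16s_to_utf8s(), so the conversion never uses the final byte. The success path then reduces to `sbi->volume.label[err] = 0;` and the clamp branch is no longer needed. That would also remove the comparison between the int `err` and a size_t value, which is only safe here because the `err < 0` test runs first. A short comment noting that utf16s_to_utf8s() does not NUL-terminate its output would help the next reader of this call site.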