[PATCH] fs/erofs: fix an overflow issue of unmapped extents
Here the size should be `length - skip`, otherwise it could cause the destination buffer overflow.
Reported-by: jianqiang wang wjq.sec@gmail.com Fixes: 65cb73057b65 ("fs/erofs: add lz4 decompression support") Signed-off-by: Jianan Huang jnhuang95@gmail.com --- fs/erofs/data.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/erofs/data.c b/fs/erofs/data.c index f4b21d7917..95b609d8ea 100644 --- a/fs/erofs/data.c +++ b/fs/erofs/data.c @@ -313,7 +313,7 @@ static int z_erofs_read_data(struct erofs_inode *inode, char *buffer, }
if (!(map.m_flags & EROFS_MAP_MAPPED)) { - memset(buffer + end - offset, 0, length); + memset(buffer + end - offset, 0, length - skip); end = map.m_la; continue; }
On 2024/6/5 22:05, Jianan Huang wrote:
Here the size should be `length - skip`, otherwise it could cause the destination buffer overflow.
Reported-by: jianqiang wang wjq.sec@gmail.com Fixes: 65cb73057b65 ("fs/erofs: add lz4 decompression support") Signed-off-by: Jianan Huang jnhuang95@gmail.com
Reviewed-by: Gao Xiang hsiangkao@linux.alibaba.com
Thanks, Gao Xiang
participants (3)
-
Gao Xiang -
Jianan Huang -
Tom Rini