Commit 3e997e4c authored Oct 18, 2022 by Dongliang Mu Committed by Greg Kroah-Hartman Jan 14, 2023

fs: jfs: fix shift-out-of-bounds in dbAllocAG



[ Upstream commit 898f7066 ]

Syzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The
underlying bug is the missing check of bmp->db_agl2size. The field can
be greater than 64 and trigger the shift-out-of-bounds.

Fix this bug by adding a check of bmp->db_agl2size in dbMount since this
field is used in many following functions. The upper bound for this
field is L2MAXL2SIZE - L2MAXAG, thanks for the help of Dave Kleikamp.
Note that, for maintenance, I reorganized error handling code of dbMount.

Reported-by:  <syzbot+15342c1aa6a00fb7a438@syzkaller.appspotmail.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent dcbc51d3

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit fb0cece7
· Nov 05, 2025

mentioned in commit fb0cece7

mentioned in commit fb0cece721e4bc2ead3ebcc120c0311ac7cd0654

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit fb0cece7
· Nov 05, 2025

mentioned in commit fb0cece7

mentioned in commit fb0cece721e4bc2ead3ebcc120c0311ac7cd0654

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit b28a5779
· Nov 05, 2025

mentioned in commit b28a5779

mentioned in commit b28a5779a89585e44fb2c5ecd7c5a32001061d94

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit b28a5779
· Nov 05, 2025

mentioned in commit b28a5779

mentioned in commit b28a5779a89585e44fb2c5ecd7c5a32001061d94

Toggle commit list

Please to comment