Commit 78f2560f authored by Bernd Schubert's avatar Bernd Schubert Committed by Miklos Szeredi
Browse files

fuse: Set *nbytesp=0 in fuse_get_user_pages on allocation failure 



In fuse_get_user_pages(), set *nbytesp to 0 when struct page **pages
allocation fails. This prevents the caller (fuse_direct_io) from making
incorrect assumptions that could lead to NULL pointer dereferences
when processing the request reply.

Previously, *nbytesp was left unmodified on allocation failure, which
could cause issues if the caller assumed pages had been added to
ap->descs[] when they hadn't.

Reported-by: default avatar <syzbot+87b8e6ed25dbc41759f7@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=87b8e6ed25dbc41759f7


Fixes: 3b97c365 ("fuse: convert direct io to use folios")
Signed-off-by: default avatarBernd Schubert <bschubert@ddn.com>
Reviewed-by: default avatarJoanne Koong <joannelkoong@gmail.com>
Tested-by: default avatarDmitry Antipov <dmantipov@yandex.ru>
Tested-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
parent 7a4f5418
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment