Re: [PATCH] erofs-utils: mkfs: fix out-of-bounds memory access in mt-mkfs

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Gao Xiang <xiang@kernel.org>
To: Yifan Zhao <zhaoyifan@sjtu.edu.cn>
Cc: linux-erofs@lists.ozlabs.org
Subject: Re: [PATCH] erofs-utils: mkfs: fix out-of-bounds memory access in mt-mkfs
Date: Sun, 17 Mar 2024 15:08:14 +0800	[thread overview]
Message-ID: <ZfaW3oLe8Q2621DV@debian> (raw)
In-Reply-To: <20240317064509.994918-1-zhaoyifan@sjtu.edu.cn>

On Sun, Mar 17, 2024 at 02:45:09PM +0800, Yifan Zhao wrote:
> If a segment is smaller than the block size, sizeof(sctx->membuf) should
> be at least as large as the block size, as memory write into the buffer
> is done in block size.
> 
> Signed-off-by: Yifan Zhao <zhaoyifan@sjtu.edu.cn>
> ---

Folded the following diff into the original patch:

diff --git a/lib/compress.c b/lib/compress.c
index aeb7013..8d88dd1 100644
--- a/lib/compress.c
+++ b/lib/compress.c
@@ -1096,11 +1096,11 @@ void z_erofs_mt_workfn(struct erofs_work *work, void *tlsp)
 	struct erofs_compress_work *cwork = (struct erofs_compress_work *)work;
 	struct erofs_compress_wq_tls *tls = tlsp;
 	struct z_erofs_compress_sctx *sctx = &cwork->ctx;
+	struct erofs_sb_info *sbi = sctx->ictx->inode->sbi;
 	int ret = 0;
 
-	ret = z_erofs_mt_wq_tls_init_compr(sctx->ictx->inode->sbi, tls,
-					   cwork->alg_id, cwork->alg_name,
-					   cwork->comp_level,
+	ret = z_erofs_mt_wq_tls_init_compr(sbi, tls, cwork->alg_id,
+					   cwork->alg_name, cwork->comp_level,
 					   cwork->dict_size);
 	if (ret)
 		goto out;
@@ -1109,7 +1109,7 @@ void z_erofs_mt_workfn(struct erofs_work *work, void *tlsp)
 	sctx->destbuf = tls->destbuf;
 	sctx->chandle = &tls->ccfg[cwork->alg_id].handle;
 
-	sctx->membuf = malloc(sctx->remaining);
+	sctx->membuf = malloc(round_up(sctx->remaining, erofs_blksiz(sbi)));
 	if (!sctx->membuf) {
 		ret = -ENOMEM;
 		goto out;
-- 
2.30.2

     prev parent reply	other threads:[~2024-03-17  7:08 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-17  6:45 [PATCH] erofs-utils: mkfs: fix out-of-bounds memory access in mt-mkfs Yifan Zhao
2024-03-17  7:08 ` Gao Xiang [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:aeb7013 dfblob:8d88dd1 )
 OR (
bs:"Re: [PATCH] erofs-utils: mkfs: fix out-of-bounds memory access in mt-mkfs" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZfaW3oLe8Q2621DV@debian \
    --to=xiang@kernel.org \
    --cc=linux-erofs@lists.ozlabs.org \
    --cc=zhaoyifan@sjtu.edu.cn \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.