From: Gao Xiang <xiang@kernel.org>
To: Sandeep Dhavale <dhavale@google.com>
Cc: Gao Xiang <hsiangkao@linux.alibaba.com>, linux-erofs@lists.ozlabs.org
Subject: Re: [PATCH] erofs-utils: lib: fix global-buffer-overflow due to invalid device
Date: Fri, 9 Aug 2024 01:44:50 +0800
Message-ID: <ZrUEEtnKg4N8DeDc@debian>
In-Reply-To: <CAB=BE-T-d-vjad6Q1kLeQbSr5pcSQCfX15vKxYvQJOqPncG32A@mail.gmail.com>

Hi Sandeep,

On Thu, Aug 08, 2024 at 10:15:31AM -0700, Sandeep Dhavale via Linux-erofs wrote:
> On Thu, Aug 8, 2024 at 9:04 AM Gao Xiang <hsiangkao@linux.alibaba.com> wrote:
> >
> > Fuzzer generates an image with crafted chunks of some invalid device.
> > Also refine the printed message of EOD.
> >
> > Closes: https://github.com/erofs/erofsnightly/actions/runs/10172576269/job/28135408276
> > Closes: https://github.com/erofs/erofs-utils/issues/11
> > Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
> > ---
> >  lib/io.c | 7 ++++++-
> >  1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/io.c b/lib/io.c
> > index 6bfae69..fbeff03 100644
> > --- a/lib/io.c
> > +++ b/lib/io.c
> > @@ -342,6 +342,10 @@ ssize_t erofs_dev_read(struct erofs_sb_info *sbi, int device_id,
> >         ssize_t read;
> >
> >         if (device_id) {
> > +               if (device_id >= sbi->nblobs) {
> > +                       erofs_err("invalid device id %u", device_id);
> > +                       return -EIO;
> > +               }
> >                 read = erofs_io_pread(&((struct erofs_vfile) {
> >                                 .fd = sbi->blobfd[device_id - 1],
> >                         }), buf, offset, len);
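
Review bot: in the new check at the top of the `if (device_id)` branch, the bound `device_id >= sbi->nblobs` does not line up with the `sbi->blobfd[device_id - 1]` index that follows it. If `nblobs` counts the entries in `blobfd`, then `device_id == nblobs` indexes the last valid slot and is rejected here, so `>` may be what is intended; worth confirming against how `nblobs` is incremented. Separately, `device_id` is a signed `int`: a negative value passes `if (device_id)` and, unless `nblobs` is unsigned, passes this comparison too, then indexes before the start of `blobfd`. An explicit `device_id < 0` test would close that, and the format should be `%d` rather than `%u` to match the argument type.
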
> > @@ -352,7 +356,8 @@ ssize_t erofs_dev_read(struct erofs_sb_info *sbi, int device_id,
> >         if (read < 0)
> >                 return read;
> >         if (read < len) {
> > -               erofs_info("reach EOF of device, pading with zeroes");
> > +               erofs_info("reach EOF of device @ %llu, pading with zeroes",
> > +                          offset | 0ULL);
> nit: typo carried over from previous log. s/pading/padding

Thanks for catching this!

> 
> >                 memset(buf + read, 0, len - read);
> >         }
> >         return 0;
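
Review bot: the refined EOF message in the `read < len` branch prints `offset`, which is where the request started, not where the device ran out of data; `offset + read` would point at the actual end and be more useful when triaging a fuzzer-generated image. `offset | 0ULL` also hides the intent of the conversion; a cast to `unsigned long long` says the same thing to the next reader.
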
> > --
> > 2.43.5
> >
> 
> Reviewed-by: Sandeep Dhavale <dhavale@google.com>

I'm about to release erofs-utils 1.8 today (it has already taken much
longer than expected, and I don't want to hold it any more), so the
code is frozen for now.

I will tag v1.8 soon, and write an announcement mail hours later.

Thanks,
Gao Xiang

> 
> Thanks,
> Sandeep.
