From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Nick Terrell <terrelln@fb.com>,
syzbot+1f2eb3e8cd123ffce499@syzkaller.appspotmail.com,
Eric Biggers <ebiggers@kernel.org>,
Kees Cook <keescook@chromium.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 6.5 07/15] zstd: Fix array-index-out-of-bounds UBSAN warning
Date: Wed, 22 Nov 2023 10:33:09 -0500
Message-ID: <20231122153340.852434-7-sashal@kernel.org>
In-Reply-To: <20231122153340.852434-1-sashal@kernel.org>

From: Nick Terrell <terrelln@fb.com>

[ Upstream commit 77618db346455129424fadbbaec596a09feaf3bb ]

Zstd used an array of length 1 to mean a flexible array for C89
compatibility. Switch to a C99 flexible array to fix the UBSAN warning.

Tested locally by booting the kernel and writing to and reading from a
BtrFS filesystem with zstd compression enabled. I was unable to reproduce
the issue before the fix, however it is a trivial change.

Link: https://lkml.kernel.org/r/20231012213428.1390905-1-nickrterrell@gmail.com
Reported-by: syzbot+1f2eb3e8cd123ffce499@syzkaller.appspotmail.com
Reported-by: Eric Biggers <ebiggers@kernel.org>
Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Nick Terrell <terrelln@fb.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/zstd/common/fse_decompress.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/zstd/common/fse_decompress.c b/lib/zstd/common/fse_decompress.c
index a0d06095be83d..8dcb8ca39767c 100644
--- a/lib/zstd/common/fse_decompress.c
+++ b/lib/zstd/common/fse_decompress.c
@@ -312,7 +312,7 @@ size_t FSE_decompress_wksp(void* dst, size_t dstCapacity, const void* cSrc, size
typedef struct {
short ncount[FSE_MAX_SYMBOL_VALUE + 1];
- FSE_DTable dtable[1]; /* Dynamically sized */
+ FSE_DTable dtable[]; /* Dynamically sized */
} FSE_DecompressWksp;
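
Review bot: On the `FSE_DTable dtable[];` line, turning the one-element array into a flexible array member shrinks `sizeof(FSE_DecompressWksp)` by one `FSE_DTable` element, and nothing in this hunk shows how the workspace size is checked against that struct. Please confirm that every use of `sizeof` on this struct, and any workspace-size computation elsewhere in fse_decompress.c, does not rely on that first element being counted, so that a caller-supplied workspace cannot pass a length check while being one element short. Since the commit message says the warning could not be reproduced before the fix, it would also help to state which access into `dtable` UBSAN reported, so backport reviewers can tell that this declaration is the only one involved.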
--
2.42.0