From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from
instance-20260207-1316.vcn12250046.oraclevcn.com ([150.136.248.187]) by smtp.gmail.com with ESMTPSA id af79cd13be357-8cd6f54e333sm577163385a.35.2026.03.08.09.50.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 08 Mar 2026 09:50:13 -0700 (PDT) From: Josh Law X-Google-Original-From: Josh Law To: Andrew Morton Cc: linux-kernel@vger.kernel.org, Josh Law Subject: [PATCH] lib: decompress_bunzip2: fix 32-bit shift undefined behavior Date: Sun, 8 Mar 2026 16:50:12 +0000 Message-ID: <20260308165012.2872633-1-objecting@objecting.org> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Josh Law Fix undefined behavior caused by shifting a 32-bit integer by 32 bits during decompression. This prevents potential kernel decompression failures or corruption when parsing malicious or malformed bzip2 archives. Signed-off-by: Josh Law --- lib/decompress_bunzip2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/decompress_bunzip2.c b/lib/decompress_bunzip2.c index ca736166f100..1288f146661f 100644 --- a/lib/decompress_bunzip2.c +++ b/lib/decompress_bunzip2.c @@ -135,7 +135,7 @@ static unsigned int INIT get_bits(struct bunzip_data *bd, char bits_wanted) } /* Avoid 32-bit overflow (dump bit buffer to top of output) */ if (bd->inbufBitCount >= 24) { - bits = bd->inbufBits&((1 << bd->inbufBitCount)-1); + bits = bd->inbufBits & ((1ULL << bd->inbufBitCount) - 1); bits_wanted -= bd->inbufBitCount; bits <<= bits_wanted; bd->inbufBitCount = 0; @@ -146,7 +146,7 @@ static unsigned int INIT get_bits(struct bunzip_data *bd, char bits_wanted) } /* Calculate result */ bd->inbufBitCount -= bits_wanted; - bits |= (bd->inbufBits >> bd->inbufBitCount)&((1 << bits_wanted)-1); + bits |= (bd->inbufBits >> bd->inbufBitCount) & ((1ULL << bits_wanted) - 1); return bits; } -- 2.43.0
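Review bot: in the first hunk (`@@ -135,7 +135,7 @@`), the new mask `(1ULL << bd->inbufBitCount) - 1` sits under `if (bd->inbufBitCount >= 24)` with no upper bound visible, and the commit message does not say which input or caller makes `inbufBitCount` reach 32 at this point. Please state the maximum value the count can have in this branch, so the shift-by-32 claim can be checked against the code. Widening the constant makes counts up to 63 well defined, but it also turns the `&` into a 64-bit operation whose result ends up in the `unsigned int` that `get_bits()` returns. If 32 is reachable here, an explicit check on the count would document the intent better than relying on the constant's type. A `Fixes:` tag naming the commit that introduced the expression would also help stable backports.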
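Review bot: in the second hunk (`@@ -146,7 +146,7 @@`), the shift count in `(1ULL << bits_wanted) - 1` is `bits_wanted`, which the signature in the hunk header declares as plain `char`. The first hunk's context already modifies it with `bits_wanted -= bd->inbufBitCount;`, and nothing in the diff checks that it is still within 0..32 when it is used here. `1ULL` only makes the `bits_wanted == 32` case well defined (the mask becomes all ones for a 32-bit result); a negative or larger count would remain undefined. Please name in the commit message the call that requests 32 bits, and consider a range check on `bits_wanted` or a comment stating the invariant. The right shift `bd->inbufBits >> bd->inbufBitCount` on the same line is unchanged, so it is worth confirming that `inbufBitCount` after `bd->inbufBitCount -= bits_wanted;` is always below the width of `inbufBits`.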