From: syzbot <syzbot+d80abb5b890d39261e72@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Forwarded: [PATCH] hfsplus: add debug printk to show uninitialized values in case_fold
Date: Tue, 20 Jan 2026 21:50:03 -0800 [thread overview]
Message-ID: <6970690b.a00a0220.3ad28e.4e2c.GAE@google.com> (raw)
In-Reply-To: <696ea368.a70a0220.34546f.04b7.GAE@google.com>
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject: [PATCH] hfsplus: add debug printk to show uninitialized values in case_fold
Author: kartikey406@gmail.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
This is a debug patch to demonstrate the uninit-value bug reported by
syzbot. Added printk in case_fold() to show what uninitialized values
are being read from the unicode array and used as array indices.
This patch intentionally does NOT include the fix (no initialization of
tmp variable) to demonstrate the bug behavior.
Link: https://syzkaller.appspot.com/bug?extid=d80abb5b890d39261e72
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
---
fs/hfsplus/unicode.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/fs/hfsplus/unicode.c b/fs/hfsplus/unicode.c
index d3a142f4518b..418806c27943 100644
--- a/fs/hfsplus/unicode.c
+++ b/fs/hfsplus/unicode.c
@@ -11,7 +11,6 @@
#include <linux/types.h>
#include <linux/nls.h>
-
#include <kunit/visibility.h>
#include "hfsplus_fs.h"
@@ -22,12 +21,18 @@
static inline u16 case_fold(u16 c)
{
u16 tmp;
-
+ pr_alert("CASE_FOLD: Input c=0x%04x, c>>8=0x%02x (this is array index!)\n", c, c >> 8);
tmp = hfsplus_case_fold_table[c >> 8];
- if (tmp)
+ pr_alert("CASE_FOLD: table[0x%02x]=0x%04x\n", c >> 8, tmp);
+
+ if (tmp) {
+ pr_alert("CASE_FOLD: Second lookup: table[0x%04x + 0x%02x]\n",tmp, c & 0xff);
tmp = hfsplus_case_fold_table[tmp + (c & 0xff)];
- else
+ } else {
tmp = c;
+ }
+ pr_alert("CASE_FOLD: Final result=0x%04x\n", tmp);
+
return tmp;
}
--
2.43.0
next prev parent reply other threads:[~2026-01-21 5:50 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-19 21:34 [syzbot] [hfs?] KMSAN: uninit-value in hfsplus_strcasecmp (2) syzbot
2026-01-20 4:33 ` Forwarded: [PATCH] hfsplus: fix uninit-value in hfsplus_strcasecmp syzbot
2026-01-21 5:15 ` Forwarded: [PATCH] hfsplus: add debug printk to show uninitialized values in case_fold syzbot
2026-01-21 5:24 ` syzbot
2026-01-21 5:50 ` syzbot [this message]
2026-01-22 8:42 ` Forwarded: [PATCH] hfsplus: add debug printk to show partial reads in hfs_brec_read syzbot
2026-01-22 23:34 ` syzbot
2026-02-11 15:05 ` Forwarded: [PATCH] hfsplus: fix uninit-value by validating catalog record size syzbot
2026-02-13 4:50 ` Forwarded: [PATCH v4] " syzbot
2026-02-21 4:59 ` Forwarded: [PATCH] " syzbot
2026-03-07 0:25 ` Forwarded: [PATCH v6] " syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6970690b.a00a0220.3ad28e.4e2c.GAE@google.com \
--to=syzbot+d80abb5b890d39261e72@syzkaller.appspotmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox