| Message ID | 20230414061810.6479-1-jefflexu@linux.alibaba.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp169073vqo;
Thu, 13 Apr 2023 23:26:46 -0700 (PDT)
X-Google-Smtp-Source:
AKy350Yzqhzh+of2m4RJHca5LV+bpllGozF6zpB4nos986pQvUQTGAZS+kH2jlUzU9X+GD8nblls
X-Received: by 2002:a17:90a:b30d:b0:234:7ccf:3c7c with SMTP id
d13-20020a17090ab30d00b002347ccf3c7cmr4836789pjr.9.1681453606601;
Thu, 13 Apr 2023 23:26:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1681453606; cv=none;
d=google.com; s=arc-20160816;
b=Tc7Cfn2Hg48Uz2T/bpPi8CRIsILbUG9rHb1NgJkTn/ZxKmTvUQN0/NFFt2FHbb8BbJ
ISR8IwxiyaDVe0F16n4D3cQ7tdAIZjcK0S/8ml+Btd0Vb2QJUQmljGSFT88vqGGxav0Z
qbIVJBCSXyN7sW34GHSAPb7aYRr+VvXeFrcROPfbAsWS7twxKR6cNgh/6VMfm/Ps1P9x
lSGeQsOPmYMwyl6f4YfWQTjpLAKAcG7H4foUTCs8YokTAkNrKkXcnIR/sLE3uDdcDW8q
wgGYSr/RCJyrQR0AhcLW8uwKDsFQtWOcHbdOQsHz/xjPq1KQyYm2LsXHqoRPGpKOGs6B
NxxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from;
bh=48sXrKqy44cmSJdpxPOcr0v2BHXau9SfsrS0Tl7HRpk=;
b=AWnqnItxnA8ogQ7vk9KclN97gc4/2sefq3wIz2uUfA1vxq6JiMOa8RUp873YN8eJOV
CrNcywDaRLBhkg8SBSWpMCh5Haegm7Hr38IOXXCgNDd2fDf4RTxe8fffIcf8seili9/k
rIDv4DXsOwIKeAwBTkRPWsbZlzUfLmRLXcRvAkkUmSXdTwmbTaAkQFvoHvpwQP7P4Suq
6ORaTmVlqjxDbVauhSM1wGfGrNtMqt93dp0DFhg4BEuIhkBUQUKsn3cp8FHFtQ3gcKeV
CxaogR36hENAqqzNzeWooGubIose4sHiTa4QY+rUqQn20fVfOc/UPo8bRH89yzAb3SVU
Cg0g==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
ob8-20020a17090b390800b00246fe4e326dsi6521198pjb.81.2023.04.13.23.26.34;
Thu, 13 Apr 2023 23:26:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229793AbjDNGS1 (ORCPT <rfc822;leviz.kernel.dev@gmail.com>
+ 99 others); Fri, 14 Apr 2023 02:18:27 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51702 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229598AbjDNGSZ (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 14 Apr 2023 02:18:25 -0400
Received: from out30-101.freemail.mail.aliyun.com
(out30-101.freemail.mail.aliyun.com [115.124.30.101])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 808FB72B3
for <linux-kernel@vger.kernel.org>;
Thu, 13 Apr 2023 23:18:13 -0700 (PDT)
X-Alimail-AntiSpam:
AC=PASS;BC=-1|-1;BR=01201311R371e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018045192;MF=jefflexu@linux.alibaba.com;NM=1;PH=DS;RN=5;SR=0;TI=SMTPD_---0Vg2OjnN_1681453090;
Received: from localhost(mailfrom:jefflexu@linux.alibaba.com
fp:SMTPD_---0Vg2OjnN_1681453090)
by smtp.aliyun-inc.com;
Fri, 14 Apr 2023 14:18:11 +0800
From: Jingbo Xu <jefflexu@linux.alibaba.com>
To: xiang@kernel.org, chao@kernel.org, huyue2@coolpad.com,
linux-erofs@lists.ozlabs.org
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH] erofs: fix potential overflow calculating xattr_isize
Date: Fri, 14 Apr 2023 14:18:10 +0800
Message-Id: <20230414061810.6479-1-jefflexu@linux.alibaba.com>
X-Mailer: git-send-email 2.19.1.6.gb485710b
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-9.9 required=5.0 tests=BAYES_00,
ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,
SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY,USER_IN_DEF_SPF_WL
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1763131897276487061?=
X-GMAIL-MSGID: =?utf-8?q?1763131897276487061?=
|
| Series |
erofs: fix potential overflow calculating xattr_isize
|
|
Commit Message
Jingbo Xu
April 14, 2023, 6:18 a.m. UTC
Given on-disk i_xattr_icount is 16 bits and xattr_isize is calculated
from i_xattr_icount multiplying 4, xattr_isize has a theoretical maximum
of 256K (64K * 4).
Thus declare xattr_isize as unsigned int to avoid the potential overflow.
Fixes: bfb8674dc044 ("staging: erofs: add erofs in-memory stuffs")
Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>
---
fs/erofs/internal.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On 2023/4/14 14:18, Jingbo Xu wrote: > Given on-disk i_xattr_icount is 16 bits and xattr_isize is calculated > from i_xattr_icount multiplying 4, xattr_isize has a theoretical maximum > of 256K (64K * 4). > > Thus declare xattr_isize as unsigned int to avoid the potential overflow. > > Fixes: bfb8674dc044 ("staging: erofs: add erofs in-memory stuffs") > Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com> Thanks for catching this! Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com> Thanks, Gao Xiang > --- > fs/erofs/internal.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/erofs/internal.h b/fs/erofs/internal.h > index 8a563374b518..c86241a32ab3 100644 > --- a/fs/erofs/internal.h > +++ b/fs/erofs/internal.h > @@ -306,7 +306,7 @@ struct erofs_inode { > > unsigned char datalayout; > unsigned char inode_isize; > - unsigned short xattr_isize; > + unsigned int xattr_isize; > > unsigned int xattr_shared_count; > unsigned int *xattr_shared_xattrs;
On 2023/4/14 14:18, Jingbo Xu wrote: > Given on-disk i_xattr_icount is 16 bits and xattr_isize is calculated > from i_xattr_icount multiplying 4, xattr_isize has a theoretical maximum > of 256K (64K * 4). > > Thus declare xattr_isize as unsigned int to avoid the potential overflow. > > Fixes: bfb8674dc044 ("staging: erofs: add erofs in-memory stuffs") > Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com> Good catch! Reviewed-by: Chao Yu <chao@kernel.org> Thanks,
diff --git a/fs/erofs/internal.h b/fs/erofs/internal.h index 8a563374b518..c86241a32ab3 100644 --- a/fs/erofs/internal.h +++ b/fs/erofs/internal.h @@ -306,7 +306,7 @@ struct erofs_inode { unsigned char datalayout; unsigned char inode_isize; - unsigned short xattr_isize; + unsigned int xattr_isize; unsigned int xattr_shared_count; unsigned int *xattr_shared_xattrs;