[PATCH] fs/erofs: fix an overflow issue of unmapped extents

Jianan Huang jnhuang95 at gmail.com
Thu Jun 6 00:05:54 AEST 2024


Here the size should be `length - skip`, otherwise it could cause
the destination buffer to overflow.

Reported-by: jianqiang wang <wjq.sec at gmail.com>
Fixes: 65cb73057b65 ("fs/erofs: add lz4 decompression support")
Signed-off-by: Jianan Huang <jnhuang95 at gmail.com>
---
 fs/erofs/data.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/erofs/data.c b/fs/erofs/data.c
index f4b21d7917..95b609d8ea 100644
--- a/fs/erofs/data.c
+++ b/fs/erofs/data.c
@@ -313,7 +313,7 @@ static int z_erofs_read_data(struct erofs_inode *inode, char *buffer,
 		}
 
 		if (!(map.m_flags & EROFS_MAP_MAPPED)) {
-			memset(buffer + end - offset, 0, length);
+			memset(buffer + end - offset, 0, length - skip);
 			end = map.m_la;
 			continue;
 		}
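
Review bot: The new size `length - skip` in the memset of the `!(map.m_flags & EROFS_MAP_MAPPED)` branch has no visible guard that `skip <= length`. If these values are unsigned and `skip` can exceed `length` for an extent read from a malformed image, the subtraction wraps and the memset writes far more than the overflow being fixed here. The hunk does not show where either value is computed, so please confirm that the invariant always holds on this path, or check it before the memset and return an error. It would also help if the commit message said how `skip` relates to the destination `buffer + end - offset`, so the reason the full `length` overruns the buffer is recorded with the fix.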
-- 
2.34.1
