[PATCH] erofs: include the trailing NUL in FS_IOC_GETFSLABEL
Chunhai Guo
guochunhai at vivo.com
Thu Apr 2 17:46:13 AEDT 2026
On 4/1/2026 2:13 PM, Zhan Xusheng wrote:
> erofs_ioctl_get_volume_label() passes strlen(sbi->volume_name) as
> the length to copy_to_user(), which copies the label string without
> the trailing NUL byte. Since FS_IOC_GETFSLABEL callers expect a
> NUL-terminated string in the FSLABEL_MAX-sized buffer and may not
> pre-zero the buffer, this can cause userspace to read past the label
> into uninitialised stack memory.
>
> Fix this by using strlen() + 1 to include the NUL terminator,
> consistent with how ext4 and xfs implement FS_IOC_GETFSLABEL.
>
> Signed-off-by: Zhan Xusheng <zhanxusheng at xiaomi.com>
>
Reviewed-by: Chunhai Guo <guochunhai at vivo.com>
Thanks,
More information about the Linux-erofs
mailing list