Re: [PATCH] jffs2: check the validity of dstlen in jffs2_zlib_compress()

From: Richard Weinberger
Date: Thu Jan 28 2021 - 06:23:40 EST

Next message: Hsin-Yi Wang: "[PATCH v12 0/8] drm/mediatek: add support for mediatek SOC MT8183"
Previous message: Miaohe Lin: "[PATCH] mm/hugetlb: Fix some comment typos"
In reply to: Joakim Tjernlund: "Re: [PATCH] jffs2: check the validity of dstlen in jffs2_zlib_compress()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Ursprüngliche Mail -----
> Von: "Joakim Tjernlund" <Joakim.Tjernlund@xxxxxxxxxxxx>
> An: "menglong8 dong" <menglong8.dong@xxxxxxxxx>, "David Woodhouse" <dwmw2@xxxxxxxxxxxxx>
> CC: "yang yang29" <yang.yang29@xxxxxxxxxx>, "stable" <stable@xxxxxxxxxxxxxxx>, "linux-kernel"
> <linux-kernel@xxxxxxxxxxxxxxx>, "richard" <richard@xxxxxx>, "linux-mtd" <linux-mtd@xxxxxxxxxxxxxxxxxxx>
> Gesendet: Donnerstag, 28. Januar 2021 12:17:34
> Betreff: Re: [PATCH] jffs2: check the validity of dstlen in jffs2_zlib_compress()

> On Thu, 2021-01-28 at 02:55 -0800, menglong8.dong@xxxxxxxxx wrote:
>> From: Yang Yang <yang.yang29@xxxxxxxxxx>
>>
>> KASAN reports a BUG when download file in jffs2 filesystem.It is
>> because when dstlen == 1, cpage_out will write array out of bounds.
>> Actually, data will not be compressed in jffs2_zlib_compress() if
>> data's length less than 4.
>
> Ouch, data corruption will ensue. Good find!
> I think this needs to go to stable as well.

Indeed! Do you know whether this is a regression?
Seems to be like that since ever.

Thanks,
//richard

Next message: Hsin-Yi Wang: "[PATCH v12 0/8] drm/mediatek: add support for mediatek SOC MT8183"
Previous message: Miaohe Lin: "[PATCH] mm/hugetlb: Fix some comment typos"
In reply to: Joakim Tjernlund: "Re: [PATCH] jffs2: check the validity of dstlen in jffs2_zlib_compress()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]