Re: [PATCH v2] erofs: fix general protection fault when reading fragment
From: Gao Xiang
Date: Sun Nov 06 2022 - 22:04:54 EST
On Fri, Oct 21, 2022 at 04:53:25PM +0800, Yue Hu wrote:
> From: Yue Hu <huyue2@xxxxxxxxxxx>
>
> As syzbot reported [1], the fragment feature sb flag is not set, so
> packed_inode != NULL needs to be checked in z_erofs_read_fragment().
>
> [1] https://lore.kernel.org/all/0000000000002e7a8905eb841ddd@xxxxxxxxxx/
>
> Reported-by: syzbot+3faecbfd845a895c04cb@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: 08a0c9ef3e7e ("erofs: support on-disk compressed fragments data")
> Signed-off-by: Yue Hu <huyue2@xxxxxxxxxxx>
Reviewed-by: Gao Xiang <hsiangkao@xxxxxxxxxxxxxxxxx>
Thanks,
Gao Xiang
> ---
> v2: fix return value to -EFSCURRUPTED (Xiang)
>
> fs/erofs/zdata.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c
> index cce56dde135c..55c13cd6934b 100644
> --- a/fs/erofs/zdata.c
> +++ b/fs/erofs/zdata.c
> @@ -659,6 +659,9 @@ static int z_erofs_read_fragment(struct inode *inode, erofs_off_t pos,
> u8 *src, *dst;
> unsigned int i, cnt;
>
> + if (!packed_inode)
> + return -EFSCORRUPTED;
> +
> pos += EROFS_I(inode)->z_fragmentoff;
> for (i = 0; i < len; i += cnt) {
> cnt = min_t(unsigned int, len - i,
> --
> 2.17.1