Re: [PATCH] jfs: Fix array-index-out-of-bounds in diFree

From: Jeongjun Park
Date: Thu Apr 25 2024 - 08:44:50 EST

Next message: Dikshita Agarwal: "Re: [PATCH v3 15/19] media: venus: pm_helpers: Simplify vcodec clock handling"
Previous message: Rodolfo Giometti: "Re: [PATCH v3 1/1] pps: clients: gpio: Bypass edge's direction check when not needed"
In reply to: Matthew Wilcox: "Re: [PATCH] jfs: Fix array-index-out-of-bounds in diFree"
Next in thread: Matthew Wilcox: "Re: [PATCH] jfs: Fix array-index-out-of-bounds in diFree"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Through direct testing and debugging, I've determined that this
vulnerability occurs when mounting an incorrect image, leading to
the potential passing of an excessively large value to
'sbi->bmap->db_agl2size'. Importantly, there have been no instances
of memory corruption observed within 'sbi->bmap->db_agl2size'.

Therefore, I think implementing a patch that terminates the
function in cases where an invalid value is detected.

Thanks.

Next message: Dikshita Agarwal: "Re: [PATCH v3 15/19] media: venus: pm_helpers: Simplify vcodec clock handling"
Previous message: Rodolfo Giometti: "Re: [PATCH v3 1/1] pps: clients: gpio: Bypass edge's direction check when not needed"
In reply to: Matthew Wilcox: "Re: [PATCH] jfs: Fix array-index-out-of-bounds in diFree"
Next in thread: Matthew Wilcox: "Re: [PATCH] jfs: Fix array-index-out-of-bounds in diFree"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]