[PATCH 0/1] hfs: discuss to add offset/length validation in hfs_brec_lenoff

From: Chenzhi Yang
Date: Mon Aug 18 2025 - 10:36:12 EST

Next message: Jonathan Denose: "[PATCH v2 08/11] HID: haptic: add functions handling events"
Previous message: Geert Uytterhoeven: "Re: [PATCH 06/13] arm64: dts: renesas: r9a09g087m44-rzn2h-evk: Add user LEDs"
Next in thread: Chenzhi Yang: "[PATCH 1/1] hfs: validate record offset in hfsplus_bmap_alloc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Yang Chenzhi <yang.chenzhi@xxxxxxxx>

When running syzbot with a crafted HFS/HFS+ disk image containing
invalid record offsets or lengths, the filesystem may hang. For
example, in this case syzbot set the header’s second record offset
to 0x7f00 while node_size is 4096. HFS/HFS+ failed to detect this
fault, which eventually led to a crash.

Since HFS/HFS+ makes heavy use of hfs_brec_lenoff, adding manual
offset/length checks at every call site would be tedious and
error-prone.

Instead, it may be more robust to introduce validation directly
inside hfs_brec_lenoff (or at a similar central point), ensuring
that all callers can safely rely on the returned offset and length
without additional checks.

Yang Chenzhi (1):
hfs: validate record offset in hfsplus_bmap_alloc

fs/hfsplus/bnode.c | 41 ----------------------------------------
fs/hfsplus/btree.c | 6 ++++++
fs/hfsplus/hfsplus_fs.h | 42 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 48 insertions(+), 41 deletions(-)

--
2.43.0

Next message: Jonathan Denose: "[PATCH v2 08/11] HID: haptic: add functions handling events"
Previous message: Geert Uytterhoeven: "Re: [PATCH 06/13] arm64: dts: renesas: r9a09g087m44-rzn2h-evk: Add user LEDs"
Next in thread: Chenzhi Yang: "[PATCH 1/1] hfs: validate record offset in hfsplus_bmap_alloc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]