From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Dongliang Mu <mudongliangabcd@gmail.com>,
syzbot+3c765c5248797356edaa@syzkaller.appspotmail.com,
Anton Altaparmakov <anton@tuxera.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Sasha Levin <sashal@kernel.org>,
linux-ntfs-dev@lists.sourceforge.net
Subject: [PATCH AUTOSEL 5.15 16/16] ntfs: add sanity check on allocation size
Date: Mon, 28 Mar 2022 15:42:59 -0400 [thread overview]
Message-ID: <20220328194300.1586178-16-sashal@kernel.org> (raw)
In-Reply-To: <20220328194300.1586178-1-sashal@kernel.org>
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit 714fbf2647b1a33d914edd695d4da92029c7e7c0 ]
ntfs_read_inode_mount invokes ntfs_malloc_nofs with zero allocation
size. It triggers one BUG in the __ntfs_malloc function.
Fix this by adding sanity check on ni->attr_list_size.
Link: https://lkml.kernel.org/r/20220120094914.47736-1-dzm91@hust.edu.cn
Reported-by: syzbot+3c765c5248797356edaa@syzkaller.appspotmail.com
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Acked-by: Anton Altaparmakov <anton@tuxera.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ntfs/inode.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
index 4474adb393ca..517b71c73aa9 100644
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -1881,6 +1881,10 @@ int ntfs_read_inode_mount(struct inode *vi)
}
/* Now allocate memory for the attribute list. */
ni->attr_list_size = (u32)ntfs_attr_size(a);
+ if (!ni->attr_list_size) {
+ ntfs_error(sb, "Attr_list_size is zero");
+ goto put_err_out;
+ }
ni->attr_list = ntfs_malloc_nofs(ni->attr_list_size);
if (!ni->attr_list) {
ntfs_error(sb, "Not enough memory to allocate buffer "
--
2.34.1
prev parent reply other threads:[~2022-03-28 19:48 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-28 19:42 [PATCH AUTOSEL 5.15 01/16] atomics: Fix atomic64_{read_acquire,set_release} fallbacks Sasha Levin
2022-03-28 19:42 ` [PATCH AUTOSEL 5.15 02/16] locking/lockdep: Iterate lock_classes directly when reading lockdep files Sasha Levin
2022-03-28 19:42 ` [PATCH AUTOSEL 5.15 03/16] ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb Sasha Levin
2022-03-28 19:42 ` [PATCH AUTOSEL 5.15 04/16] ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit Sasha Levin
2022-03-28 19:42 ` [PATCH AUTOSEL 5.15 05/16] sched/tracing: Don't re-read p->state when emitting sched_switch event Sasha Levin
2022-03-28 19:42 ` [PATCH AUTOSEL 5.15 06/16] sched/tracing: Report TASK_RTLOCK_WAIT tasks as TASK_UNINTERRUPTIBLE Sasha Levin
2022-03-28 19:42 ` [PATCH AUTOSEL 5.15 07/16] ext4: don't BUG if someone dirty pages without asking ext4 first Sasha Levin
2022-03-28 19:43 ` syzbot
2022-03-28 19:42 ` [f2fs-dev] [PATCH AUTOSEL 5.15 08/16] f2fs: fix to do sanity check on curseg->alloc_type Sasha Levin
2022-03-28 19:42 ` Sasha Levin
2022-03-28 19:42 ` [PATCH AUTOSEL 5.15 09/16] NFSD: Fix nfsd_breaker_owns_lease() return values Sasha Levin
2022-03-28 19:42 ` [f2fs-dev] [PATCH AUTOSEL 5.15 10/16] f2fs: don't get FREEZE lock in f2fs_evict_inode in frozen fs Sasha Levin
2022-03-28 19:42 ` Sasha Levin
2022-03-28 19:42 ` [PATCH AUTOSEL 5.15 11/16] btrfs: harden identification of a stale device Sasha Levin
2022-03-28 19:42 ` [PATCH AUTOSEL 5.15 12/16] btrfs: make search_csum_tree return 0 if we get -EFBIG Sasha Levin
2022-03-28 19:42 ` [f2fs-dev] [PATCH AUTOSEL 5.15 13/16] f2fs: use spin_lock to avoid hang Sasha Levin
2022-03-28 19:42 ` Sasha Levin
2022-03-28 19:42 ` [f2fs-dev] [PATCH AUTOSEL 5.15 14/16] f2fs: compress: fix to print raw data size in error path of lz4 decompression Sasha Levin
2022-03-28 19:42 ` Sasha Levin
2022-03-28 19:42 ` [PATCH AUTOSEL 5.15 15/16] Adjust cifssb maximum read size Sasha Levin
2022-03-28 19:42 ` Sasha Levin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220328194300.1586178-16-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=anton@tuxera.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-ntfs-dev@lists.sourceforge.net \
--cc=mudongliangabcd@gmail.com \
--cc=stable@vger.kernel.org \
--cc=syzbot+3c765c5248797356edaa@syzkaller.appspotmail.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.