[lvc-project] [PATCH] jfs: validate index table entry in add_missing_indices()
Dmitry Antipov
dmantipov at yandex.ru
Thu Sep 25 09:25:39 MSK 2025
Since the directory root page contains no more than 9 page slots,
index table values larger than 8 should be considered as invalid.
Doing an extra check in 'add_missing_indices()' prevents the
weird crash caused by overwriting inode data with a bogus value
interpreted as a pointer outside of a kernel address space.
Reported-by: syzbot+dcc068159182a4c31ca3 at syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=dcc068159182a4c31ca3
Signed-off-by: Dmitry Antipov <dmantipov at yandex.ru>
---
fs/jfs/jfs_dtree.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/jfs/jfs_dtree.c b/fs/jfs/jfs_dtree.c
index ab11849cf9cc..326cf547df12 100644
--- a/fs/jfs/jfs_dtree.c
+++ b/fs/jfs/jfs_dtree.c
@@ -2647,7 +2647,8 @@ static int add_missing_indices(struct inode *inode, s64 bn)
stbl = DT_GETSTBL(p);
for (i = 0; i < p->header.nextindex; i++) {
- if (stbl[i] < 0) {
+ if ((stbl[i] < 0) ||
+ ((p->header.flag & BT_ROOT) && stbl[i] > 8)) {
jfs_err("jfs: add_missing_indices: Invalid stbl[%d] = %d for inode %ld, block = %lld",
i, stbl[i], (long)inode->i_ino, (long long)bn);
rc = -EIO;
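Review bot: the upper bound in the new condition is enforced only when `p->header.flag & BT_ROOT` is set, so on a non-root page any non-negative `stbl[i]` still passes this check. If an out-of-range slot index can cause the same kind of overwrite there, bound it against that page's slot count in the same test; if it cannot, say so in the commit message. Separately, the literal `8` encodes the "no more than 9 page slots" fact from the commit message. Writing it as `stbl[i] >= DTROOTMAXSLOT` (the constant jfs_dtree.h defines for the root slot count) would keep the check tied to the structure definition. The parentheses around `stbl[i] < 0` are also redundant.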
--
2.51.0