Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp4359902ybv; Tue, 25 Feb 2020 18:35:22 -0800 (PST) X-Google-Smtp-Source: APXvYqwEeyFR/KYxSLtOfn9GF73saYnhv4elm3F2VkAbqVOE7WIaJ36FDFmhH/M8kX6BWXAQ1U/D X-Received: by 2002:a9d:2028:: with SMTP id n37mr1332677ota.127.1582684522376; Tue, 25 Feb 2020 18:35:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582684522; cv=none; d=google.com; s=arc-20160816; b=rSdlmG+i+nExftTwaSsfXdhs5GT/dpov04yNSauObZQpDHf1BbWiAz3ANZvPhP4OcH LMh9y6DUCj+Rw0ugtZPqrPjEqBXlmKBzUAyqmcH0rMV+Tg45Xu8D5Hc02CRN5tVzHzoZ xbjbJx5foR/kc0BHfnKhz0PyKHzBwyKd0Bx8MbLgzMXEGuy+HTkl/pVUH2JsiUkqPodg wUKOf2H6Ok46sBsgsOCJ0JgqpEgfUCcgRGZcg4c5NITs7dS8JGy5Y3xnXM0c46dqQy4i 0adQu23N+ey9SdjL0TW8j8YupBc4ygKXL95dorBOsKAnRoEYL75Q2F81XzRu7tDWX9E8 uliQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=o+HI/7+8VT0xRyY4aiDTq2sc9oAySfYjpziHpYq5RZI=; b=sQSr2xW3wl4++jzh9AOuLGuFVX/KLEgQFvtEquZ1WgsGppcD08A4YpkF/YaxS4rd5J bI5LI6NYnGSdW4Y/Gk7BYEhpe7dPO4dnb9ToQoBd1MpT5Lvr+PV/zYfh+kjLsTIAKQO1 Z7p9qMqBws6AhEe8A21yXs0S+DRlf6H+aHun9cak6K6PANJht+CTJRwnkASKcp2xhCpu 9gto5IqNuR7dZxuOCdHLOa2qWdPBdM15Or0tS1ERzN8hO2a39GVKUrEt+RkM9lRlL5zV TkIkGd0EUYyH3g0+IbfwCmfknkNtVzAYAJN0IKqZIy4c8HbJj6dH1CIFtVuE8v2Rkobp cNZg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=E41DcHsi; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j15si357459oie.15.2020.02.25.18.35.09; Tue, 25 Feb 2020 18:35:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=E41DcHsi; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729623AbgBZCfA (ORCPT + 99 others); Tue, 25 Feb 2020 21:35:00 -0500 Received: from mail.kernel.org ([198.145.29.99]:50204 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728989AbgBZCfA (ORCPT ); Tue, 25 Feb 2020 21:35:00 -0500 Received: from sol.localdomain (c-107-3-166-239.hsd1.ca.comcast.net [107.3.166.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7D7A821D7E; Wed, 26 Feb 2020 02:34:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582684499; bh=JhCEVeDFXJdMR838T0u81Xg3kHk4An75sj2PC5EQ3ww=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=E41DcHsi9w5s7qSvhMdEnFgIzPi3Zn0cxXHpbHfP9ELT5QIPpCZ2gLypzAofsZv0n kzOqBw8cegdWtVFwiPLJAcujP/8Lzyx+L2cH7duIIQbC7MeDcLgKE5/8reP6uf5zd+ eM3rP+3meboTEqOeCCjP7gfCJl3mIrhdz25qUZrI= Date: Tue, 25 Feb 2020 18:34:58 -0800 From: Eric Biggers To: Gao Xiang Cc: Chao Yu , linux-erofs@lists.ozlabs.org, Miao Xie , LKML , Lasse Collin Subject: Re: [PATCH 3/3] erofs: handle corrupted images whose decompressed size less than it'd be Message-ID: <20200226023458.GB1053@sol.localdomain> References: <20200226023011.103798-1-gaoxiang25@huawei.com> <20200226023011.103798-3-gaoxiang25@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200226023011.103798-3-gaoxiang25@huawei.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 26, 2020 at 10:30:11AM +0800, Gao Xiang wrote: > As Lasse pointed out, "Looking at fs/erofs/decompress.c, > the return value from LZ4_decompress_safe_partial is only > checked for negative value to catch errors. ... So if > I understood it correctly, if there is bad data whose > uncompressed size is much less than it should be, it can > leave part of the output buffer untouched and expose the > previous data as the file content. " > > Let's fix it now. > > Cc: Lasse Collin > Signed-off-by: Gao Xiang Shouldn't fixes like this have a Fixes tag and Cc stable? - Eric