From: Dongliang Mu
To: Anton Altaparmakov
Cc: Dongliang Mu, syzbot+3c765c5248797356edaa@syzkaller.appspotmail.com, linux-ntfs-dev@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: [PATCH] ntfs: add sanity check on allocation size
Date: Thu, 20 Jan 2022 17:49:14 +0800
Message-Id: <20220120094914.47736-1-dzm91@hust.edu.cn>

ntfs_read_inode_mount invokes ntfs_malloc_nofs with zero allocation size. It triggers one BUG in the __ntfs_malloc function. Fix this by adding sanity check on ni->attr_list_size.

Reported-by: syzbot+3c765c5248797356edaa@syzkaller.appspotmail.com
Signed-off-by: Dongliang Mu --- fs/ntfs/inode.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c index 4474adb393ca..517b71c73aa9 100644 --- a/fs/ntfs/inode.c +++ b/fs/ntfs/inode.c @@ -1881,6 +1881,10 @@ int ntfs_read_inode_mount(struct inode *vi) } /* Now allocate memory for the attribute list. */ ni->attr_list_size = (u32)ntfs_attr_size(a); + if (!ni->attr_list_size) { + ntfs_error(sb, "Attr_list_size is zero"); + goto put_err_out; + } ni->attr_list = ntfs_malloc_nofs(ni->attr_list_size); if (!ni->attr_list) { ntfs_error(sb, "Not enough memory to allocate buffer " -- 2.25.1
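
Review bot: The new zero check in ntfs_read_inode_mount() runs after the narrowing in "ni->attr_list_size = (u32)ntfs_attr_size(a);", so it tests only the truncated value. A size whose low 32 bits are non-zero still passes and reaches ntfs_malloc_nofs() with a truncated length. Consider validating the full return value of ntfs_attr_size(a) before the cast and rejecting anything that is zero or does not fit in a u32. The message "Attr_list_size is zero" names a field rather than the on-disk condition; wording that says the attribute list has zero size would tell the person reading the log more. The new branch also jumps to put_err_out without setting an error code, so it is worth confirming that the path behind that label does not depend on one being set here.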