Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp578824rdg; Thu, 12 Oct 2023 14:31:20 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGeGX15DY0+5VxduTA7En+yEOsWhx4DAqZ34aAtyk5Qx7ioufh3XQuoZNTBJxVWnkTFY6/H X-Received: by 2002:a05:6a00:849:b0:68e:2c2a:5172 with SMTP id q9-20020a056a00084900b0068e2c2a5172mr33913100pfk.6.1697146279946; Thu, 12 Oct 2023 14:31:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697146279; cv=none; d=google.com; s=arc-20160816; b=bZYqHcjnoWJlgt5F+dRbSBl4pGGG9FZThAOEzae/XhnvEpvA7/1DRV9RTwiPzfpGwD uQ0/jXEUxqxTPChmjN5rteba6zU3Mo/MJgKZVK/kBeLfv0E4GW6mVVR78Wgi1hJJIz0X HHaR+qax2Hn9pBOfgt6TTBkB+kc7f2Aqg2E+yd1rsbi22V44JtwAVfmGlV2LUYiv2b2E hLMiIT7PGPNOrukOc/n1bNsmo5EYG+CyKbZYCT+br5qhOM9WfiwjyQZ9PfzyjMmFZoXi UcMcmccB9LTTz9urkPsPL6E/bYbfX7DOv4jbO6X/iVyaCjtz9iSp2NztyhaPRJA8U7KZ a6DQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=Yd4EAPCUDqteVvPBzEw4y/R1EppHnpUiQatayG/T5e8=; fh=fjbdjbkLNOM+ORAziEO9sfcYeB1yYZhpEJdOUIEItcY=; b=qgzr4EfQncGCY9INB1j/WjzoYZeQ+CHcaU+DR5Ye99aY2jgzhW+hIfHM9K/Vk91B8E umEhBciCN4F5qdhazSTqwD1AGwnUZbpZed80yQES28BHlXZO1btZqrHYIsIySS/1nr/n CIT3JvkRPlXm7lAH03CIgIdQdzQ2hM/lDtj399B2XuxvBcj15SpxTbyc1HIz3iYWAVt1 r+jZyUPlAiLsUAAqjFt8hH5GB1SUjsMD//hPE1nr81SbhGPgj+bjtanvTmy21XpGR2xp upcw/ydqjhhT86mgGj1EXj5kmSceRzIUBhVT4YA7I0GcZ4fYaRO6gP6mmsmXqj6vc6Nm DRUQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=CwpDT8VY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id f11-20020a056a0022cb00b00690de92ffe3si705027pfj.309.2023.10.12.14.31.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Oct 2023 14:31:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=CwpDT8VY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 29E5680BA7D5; Thu, 12 Oct 2023 14:31:17 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1442911AbjJLVbC (ORCPT + 99 others); Thu, 12 Oct 2023 17:31:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57294 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1442931AbjJLVa7 (ORCPT ); Thu, 12 Oct 2023 17:30:59 -0400 Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2FB87D7 for ; Thu, 12 Oct 2023 14:30:58 -0700 (PDT) Received: by mail-pf1-x433.google.com with SMTP id d2e1a72fcca58-690d2441b95so1076861b3a.1 for ; Thu, 12 Oct 2023 14:30:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1697146257; x=1697751057; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=Yd4EAPCUDqteVvPBzEw4y/R1EppHnpUiQatayG/T5e8=; b=CwpDT8VYn/VMYnYlMvHHyEf5SH9nwPYbdAx8IZNKw3To2L/PyLcqBht3shxTqDsvgK FgfJRw+DF6xPpy73WQc/1ZtgXmFyKQpi2tR4LE0WTdHB1ftsoS9Ilrq0e2hvEGD6q7Xa iNgENGRJB4qH9KC4aRIuhyd6ojz3E1dsNHgllRb6dewcehSGZeisYY75zpsKObJlOeGd OGvhLRS3Xvi4ZBMb7Um3WzUe2dJVvSS55N5lOQTGTSJ8yGnZ1cvn5kbDpiCgDZ0RwyG/ VTDHPnFlrL7RlgxY73KZ8dv3uHKuYCLod6ZpuDvCkeao23Zxe69TJGqySOxn4mXPDmxf ydig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697146257; x=1697751057; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Yd4EAPCUDqteVvPBzEw4y/R1EppHnpUiQatayG/T5e8=; b=uVuqaCor0+fiH5LHR4wNLziLi2CV89jhkS0QGJ0kfhP3rchVJXHcrJDYh6AOsTOHr5 ITn7kDeSMtE/Qi1ANET/nmZr3j/uzDFIY/BdGzkEL699d+8bvb3v0vlHJ/ZZlT8SKaTf yiyYTsVqpMJQvh8vZSOE6WvxG8oWnoXlXSwCyq6bwZU92C1z2okfz8wCotyY6gOOHbIT y8ovBgJoV7QTcKWOT0zyDk+fpZE5u6TkjuG+ROsr61azVjB76sy6C/nuQdiqbsfE0W9n xAAI8IxuHJTZBi4yivWZQkaDh//uUw3KdQyfCdI/qwHoh0Hw92/B3z2hpps5X8eniP/j iv2w== X-Gm-Message-State: AOJu0YyHsKc3gwvMX6QaFHh9mtNj4CwGGNQaFiK8MWZoW+tDvfgse0KD GRb9o6xV9MlHU1hNLtbJKYPxWID8ZJs= X-Received: by 2002:a05:6a00:44c5:b0:6b1:5d1a:bd0c with SMTP id cv5-20020a056a0044c500b006b15d1abd0cmr1086103pfb.16.1697146257229; Thu, 12 Oct 2023 14:30:57 -0700 (PDT) Received: from nickserv.taila7d40.ts.net (c-98-42-1-155.hsd1.ca.comcast.net. [98.42.1.155]) by smtp.gmail.com with ESMTPSA id ka1-20020a056a00938100b006a6e0903dfesm6509024pfb.204.2023.10.12.14.30.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Oct 2023 14:30:56 -0700 (PDT) From: Nick Terrell To: linux-kernel@vger.kernel.org Cc: Nick Terrell , Nick Terrell , Kernel Team , Nick Terrell , syzbot+1f2eb3e8cd123ffce499@syzkaller.appspotmail.com, Eric Biggers , Kees Cook Subject: [PATCH] zstd: Fix array-index-out-of-bounds UBSAN warning Date: Thu, 12 Oct 2023 14:34:28 -0700 Message-ID: <20231012213428.1390905-1-nickrterrell@gmail.com> X-Mailer: git-send-email 2.42.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Thu, 12 Oct 2023 14:31:17 -0700 (PDT) From: Nick Terrell Zstd used an array of length 1 to mean a flexible array for C89 compatibility. Switch to a C99 flexible array to fix the UBSAN warning. Tested locally by booting the kernel and writing to and reading from a BtrFS filesystem with zstd compression enabled. I was unable to reproduce the issue before the fix, however it is a trivial change. Reported-by: syzbot+1f2eb3e8cd123ffce499@syzkaller.appspotmail.com Reported-by: Eric Biggers Reported-by: Kees Cook Signed-off-by: Nick Terrell --- lib/zstd/common/fse_decompress.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/zstd/common/fse_decompress.c b/lib/zstd/common/fse_decompress.c index a0d06095be83..8dcb8ca39767 100644 --- a/lib/zstd/common/fse_decompress.c +++ b/lib/zstd/common/fse_decompress.c @@ -312,7 +312,7 @@ size_t FSE_decompress_wksp(void* dst, size_t dstCapacity, const void* cSrc, size typedef struct { short ncount[FSE_MAX_SYMBOL_VALUE + 1]; - FSE_DTable dtable[1]; /* Dynamically sized */ + FSE_DTable dtable[]; /* Dynamically sized */ } FSE_DecompressWksp; -- 2.42.0