From: Edward Adam Davis
To: syzbot+6c746eea496f34b3161d@syzkaller.appspotmail.com
Cc: chao@kernel.org, huyue2@coolpad.com, jefflexu@linux.alibaba.com, linux-erofs@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, xiang@kernel.org
Subject: [PATCH] erofs: fix uninit-value in z_erofs_lz4_decompress
Date: Fri, 29 Dec 2023 19:09:39 +0800
X-OQ-MSGID: <20231229110938.1157837-2-eadavis@qq.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <000000000000321c24060d7cfa1c@google.com>
References: <000000000000321c24060d7cfa1c@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

When LZ4 decompression fails, the number of bytes read from out should be inputsize plus the returned overflow value ret.

Reported-and-tested-by: syzbot+6c746eea496f34b3161d@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis

--- fs/erofs/decompressor.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/erofs/decompressor.c b/fs/erofs/decompressor.c index 021be5feb1bc..8ac3f96676c4 100644 --- a/fs/erofs/decompressor.c +++ b/fs/erofs/decompressor.c @@ -250,7 +250,8 @@ static int z_erofs_lz4_decompress_mem(struct z_erofs_lz4_decompress_ctx *ctx, print_hex_dump(KERN_DEBUG, "[ in]: ", DUMP_PREFIX_OFFSET, 16, 1, src + inputmargin, rq->inputsize, true); print_hex_dump(KERN_DEBUG, "[out]: ", DUMP_PREFIX_OFFSET, - 16, 1, out, rq->outputsize, true); + 16, 1, out, (ret < 0 && rq->inputsize > 0) ? + (ret + rq->inputsize) : rq->outputsize, true); if (ret >= 0) memset(out + ret, 0, rq->outputsize - ret); -- 2.43.0
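
Review bot: The new length argument to the "[out]" print_hex_dump call is not bounded. The guard tests only ret < 0 and rq->inputsize > 0, so a failing ret whose magnitude is equal to or larger than rq->inputsize makes ret + rq->inputsize zero or negative, and nothing caps the sum at rq->outputsize, which is the only size the surrounding lines associate with out. Please clamp the computed length to the range 0..rq->outputsize before passing it, or skip the "[out]" dump when the sum is not positive. The commit message should also explain why a negative ret added to inputsize gives the number of initialized bytes in out, since the diff itself does not show that relationship. A short comment above the ternary would help readers of the error path, and because the memset below still runs only for ret >= 0, it is worth stating whether leaving the rest of out untouched on failure is intended.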