Message-ID: <8f0dd1ed-8849-46ef-af2a-4baf4dc91422@linux.alibaba.com>
Date: Sun, 31 Dec 2023 09:14:11 +0800
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] erofs: fix uninit-value in z_erofs_lz4_decompress
To: Edward Adam Davis, syzbot+6c746eea496f34b3161d@syzkaller.appspotmail.com
Cc: chao@kernel.org, huyue2@coolpad.com, jefflexu@linux.alibaba.com, linux-erofs@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, xiang@kernel.org
References: <000000000000321c24060d7cfa1c@google.com>
From: Gao Xiang

On 2023/12/29 19:09, Edward Adam Davis wrote:
> When LZ4 decompression fails, the number of bytes read from out should be
> inputsize plus the returned overflow value ret.
>
> Reported-and-tested-by: syzbot+6c746eea496f34b3161d@syzkaller.appspotmail.com
> Signed-off-by: Edward Adam Davis
> ---
> fs/erofs/decompressor.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/erofs/decompressor.c b/fs/erofs/decompressor.c > index 021be5feb1bc..8ac3f96676c4 100644 > --- a/fs/erofs/decompressor.c > +++ b/fs/erofs/decompressor.c
> @@ -250,7 +250,8 @@ static int z_erofs_lz4_decompress_mem(struct z_erofs_lz4_decompress_ctx *ctx, > print_hex_dump(KERN_DEBUG, "[ in]: ", DUMP_PREFIX_OFFSET, > 16, 1, src + inputmargin, rq->inputsize, true); > print_hex_dump(KERN_DEBUG, "[out]: ", DUMP_PREFIX_OFFSET, > - 16, 1, out, rq->outputsize, true); > + 16, 1, out, (ret < 0 && rq->inputsize > 0) ? > + (ret + rq->inputsize) : rq->outputsize, true);

It's incorrect since output decompressed buffer has no relationship
with `rq->inputsize` and `ret + rq->inputsize` is meaningless too.

Also, the issue was already fixed by avoiding debugging messages as
https://lore.kernel.org/r/20231227151903.2900413-1-hsiangkao@linux.alibaba.com

Thanks,
Gao Xiang
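
Review bot: In the new length argument of the second print_hex_dump() call, `ret + rq->inputsize` adds a negative error return to the size of the input buffer in order to size a dump of `out`, and the guard `ret < 0 && rq->inputsize > 0` does not keep that sum positive or within the bytes actually written to `out`. Whenever the magnitude of `ret` exceeds `rq->inputsize` the expression wraps, and the input size says nothing about how much of the output buffer has been initialized, so the dump can still read uninitialized memory. Suggest taking the length from the count of output bytes known to be written, clamped to `rq->outputsize`, or not dumping `out` on the failure path at all, and adding a comment that states what a negative `ret` encodes.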