Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-07 14:32:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bcachefs: Fix oob write in __bch2_btree_node_write

Browse Source 
Fix a possible out of bounds write in __bch2_btree_node_write when
the data buffer padding is cleared up to the block size. The out of
bounds write is possible if the data buffers size is not a multiple
of the block size.

Signed-off-by: Dan Robertson <dan@dlrobertson.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
This commit is contained in:
Dan Robertson 2021-05-07 22:29:02 -04:00 committed by Kent Overstreet
parent 1784d43a88
commit 5bc38f44fa
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fs/bcachefs/btree_io.c
View File

@ -1500,6 +1500,9 @@ void __bch2_btree_node_write(struct bch_fs *c, struct btree *b)
/* bch2_varint_decode may read up to 7 bytes past the end of the buffer: */
bytes += 8;
/* buffer must be a multiple of the block size */
bytes = round_up(bytes, block_bytes(c));
data = btree_bounce_alloc(c, bytes, &used_mempool);
if (!b->written) {