----- Ursprüngliche Mail ----- > Von: "Joakim Tjernlund" <joakim.tjernl...@infinera.com> > An: "menglong8 dong" <menglong8.d...@gmail.com>, "David Woodhouse" > <dw...@infradead.org> > CC: "yang yang29" <yang.yan...@zte.com.cn>, "stable" > <sta...@vger.kernel.org>, "linux-kernel" > <linux-kernel@vger.kernel.org>, "richard" <rich...@nod.at>, "linux-mtd" > <linux-...@lists.infradead.org> > Gesendet: Donnerstag, 28. Januar 2021 12:17:34 > Betreff: Re: [PATCH] jffs2: check the validity of dstlen in > jffs2_zlib_compress()
> On Thu, 2021-01-28 at 02:55 -0800, menglong8.d...@gmail.com wrote: >> From: Yang Yang <yang.yan...@zte.com.cn> >> >> KASAN reports a BUG when download file in jffs2 filesystem.It is >> because when dstlen == 1, cpage_out will write array out of bounds. >> Actually, data will not be compressed in jffs2_zlib_compress() if >> data's length less than 4. > > Ouch, data corruption will ensue. Good find! > I think this needs to go to stable as well. Indeed! Do you know whether this is a regression? Seems to be like that since ever. Thanks, //richard
