diff options
| author | Edward Adam Davis <eadavis@qq.com> | 2024-10-14 15:16:38 +0300 |
|---|---|---|
| committer | Konstantin Komarov <almaz.alexandrovich@paragon-software.com> | 2025-02-05 17:48:40 +0300 |
| commit | ff355926445897cc9fdea3b00611e514232c213c (patch) | |
| tree | 0e0bafe48257a80de3f2cb9a73f1adb14a7db824 | |
| parent | 1d1a7e2525491f56901f5f63370a0775768044b8 (diff) | |
| download | linux-ff355926445897cc9fdea3b00611e514232c213c.tar.xz | |
fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size
Syzbot reported a WARNING in ntfs_extend_initialized_size.
The data type of in->i_valid and to is u64 in ntfs_file_mmap().
If their values are greater than LLONG_MAX, overflow will occur because
the data types of the parameters valid and new_valid corresponding to
the function ntfs_extend_initialized_size() are loff_t.
Before calling ntfs_extend_initialized_size() in the ntfs_file_mmap(),
the "ni->i_valid < to" has been determined, so the same WARN_ON determination
is not required in ntfs_extend_initialized_size().
Just execute the ntfs_extend_initialized_size() in ntfs_extend() to make
a WARN_ON check.
Reported-and-tested-by: syzbot+e37dd1dfc814b10caa55@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=e37dd1dfc814b10caa55
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
| -rw-r--r-- | fs/ntfs3/file.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c index d3a31bad21f9..4d9d84cc3c6f 100644 --- a/fs/ntfs3/file.c +++ b/fs/ntfs3/file.c @@ -412,6 +412,7 @@ static int ntfs_extend(struct inode *inode, loff_t pos, size_t count, } if (extend_init && !is_compressed(ni)) { + WARN_ON(ni->i_valid >= pos); err = ntfs_extend_initialized_size(file, ni, ni->i_valid, pos); if (err) goto out; |