Unverified Commit 9931122d authored May 15, 2024 by Andrew Ballance Committed by Konstantin Komarov Sep 03, 2024

fs/ntfs3: Check if more than chunk-size bytes are written



A incorrectly formatted chunk may decompress into
more than LZNT_CHUNK_SIZE bytes and a index out of bounds
will occur in s_max_off.

Signed-off-by: Andrew Ballance <andrewjballance@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>

parent 556bdf27

fs/ntfs3/lznt.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -236,6 +236,9 @@ static inline ssize_t decompress_chunk(u8 unc, u8 unc_end, const u8 *cmpr,

		/* Do decompression until pointers are inside range. */
		while (up < unc_end && cmpr < cmpr_end) {
		// return err if more than LZNT_CHUNK_SIZE bytes are written
		if (up - unc > LZNT_CHUNK_SIZE)
		return -EINVAL;
		/* Correct index */
		while (unc + s_max_off[index] < up)
		index += 1;