Message ID | tencent_55ACA4583763B77466C5B36C637569638305@qq.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | hfsplus: fix uninit-value in hfsplus_attr_bin_cmp_key | expand |
diff --git a/fs/hfsplus/bfind.c b/fs/hfsplus/bfind.c index ca2ba8c9f82e..b939dc879dac 100644 --- a/fs/hfsplus/bfind.c +++ b/fs/hfsplus/bfind.c @@ -18,7 +18,7 @@ int hfs_find_init(struct hfs_btree *tree, struct hfs_find_data *fd) fd->tree = tree; fd->bnode = NULL; - ptr = kmalloc(tree->max_key_len * 2 + 4, GFP_KERNEL); + ptr = kzalloc(tree->max_key_len * 2 + 4, GFP_KERNEL); if (!ptr) return -ENOMEM; fd->search_key = ptr;
[Syzbot reported] BUG: KMSAN: uninit-value in hfsplus_attr_bin_cmp_key+0xf1/0x190 fs/hfsplus/attributes.c:42 hfsplus_attr_bin_cmp_key+0xf1/0x190 fs/hfsplus/attributes.c:42 hfs_find_rec_by_key+0xb0/0x240 fs/hfsplus/bfind.c:100 __hfsplus_brec_find+0x26b/0x7b0 fs/hfsplus/bfind.c:135 hfsplus_brec_find+0x445/0x970 fs/hfsplus/bfind.c:195 hfsplus_find_attr+0x30c/0x390 hfsplus_attr_exists+0x1c6/0x260 fs/hfsplus/attributes.c:182 __hfsplus_setxattr+0x510/0x3580 fs/hfsplus/xattr.c:336 hfsplus_setxattr+0x129/0x1e0 fs/hfsplus/xattr.c:434 hfsplus_trusted_setxattr+0x55/0x70 fs/hfsplus/xattr_trusted.c:30 __vfs_setxattr+0x7aa/0x8b0 fs/xattr.c:201 __vfs_setxattr_noperm+0x24f/0xa30 fs/xattr.c:235 __vfs_setxattr_locked+0x441/0x480 fs/xattr.c:296 vfs_setxattr+0x294/0x650 fs/xattr.c:322 do_setxattr fs/xattr.c:630 [inline] setxattr+0x45f/0x540 fs/xattr.c:653 path_setxattr+0x1f5/0x3c0 fs/xattr.c:672 __do_sys_setxattr fs/xattr.c:688 [inline] __se_sys_setxattr fs/xattr.c:684 [inline] __x64_sys_setxattr+0xf7/0x180 fs/xattr.c:684 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook mm/slub.c:3819 [inline] slab_alloc_node mm/slub.c:3860 [inline] __do_kmalloc_node mm/slub.c:3980 [inline] __kmalloc+0x919/0xf80 mm/slub.c:3994 kmalloc include/linux/slab.h:594 [inline] hfsplus_find_init+0x91/0x250 fs/hfsplus/bfind.c:21 hfsplus_attr_exists+0xde/0x260 fs/hfsplus/attributes.c:178 __hfsplus_setxattr+0x510/0x3580 fs/hfsplus/xattr.c:336 hfsplus_setxattr+0x129/0x1e0 fs/hfsplus/xattr.c:434 hfsplus_trusted_setxattr+0x55/0x70 fs/hfsplus/xattr_trusted.c:30 __vfs_setxattr+0x7aa/0x8b0 fs/xattr.c:201 __vfs_setxattr_noperm+0x24f/0xa30 fs/xattr.c:235 __vfs_setxattr_locked+0x441/0x480 fs/xattr.c:296 vfs_setxattr+0x294/0x650 fs/xattr.c:322 do_setxattr fs/xattr.c:630 [inline] setxattr+0x45f/0x540 fs/xattr.c:653 path_setxattr+0x1f5/0x3c0 fs/xattr.c:672 __do_sys_setxattr fs/xattr.c:688 [inline] __se_sys_setxattr fs/xattr.c:684 [inline] __x64_sys_setxattr+0xf7/0x180 fs/xattr.c:684 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b [Fix] Let's clear all search_key fields at alloc time. Reported-and-tested-by: syzbot+c6d8e1bffb0970780d5c@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis@qq.com> --- fs/hfsplus/bfind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)