On Thursday, 20 December 2018, 11:43:08 CET, Hou Tao wrote:
> On 2018/12/16 0:23, Richard Weinberger wrote:
>> The rtime compressor assumes that at least two bytes are compressed.
>> If we try to compress just one byte, the loop condition will wrap
>> around and an out-of-bounds write happens.
>>
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Richard Weinberger <richard@nod.at>
>>
>>  fs/jffs2/compr_rtime.c | 3 +++
>>  1 file changed, 3 insertions(+)
>
> It seems that it doesn't incur any harm because the minimal allocated
> size will be 8 bytes and jffs2_rtime_compress() will write 2 bytes into
> the allocated buffer.

Are you sure about that? I saw odd kernel behavior and KASAN complained too.

Thanks,
//richard
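To make the failure mode described in the commit message concrete, the following is an added, self-contained C model of an rtime-style run-length compressor. It is example code written for this page, not fs/jffs2/compr_rtime.c or any other kernel code. It assumes, following the description above, that the output loop compares against an unsigned 32-bit output length minus two, that every iteration emits two bytes (a literal and a run length), and that the caller sizes the output buffer to the input length, so a one-byte input is given a one-byte output buffer. The names rtime_compress_model, bytes_written_past_buffer and compress_sample_len are invented for the example; the guard_short_input flag switches the proposed "reject fewer than two bytes" check on and off so both behaviours can be observed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a run-length (rtime-style) compressor, written for this example.
 * Shape assumed from the commit message: the loop runs while
 * outpos <= *dstlen - 2 with *dstlen an unsigned 32-bit count, and each
 * iteration writes two bytes (literal, run length). Not kernel code. */
static int rtime_compress_model(const unsigned char *data_in,
                                unsigned char *cpage_out,
                                uint32_t *sourcelen, uint32_t *dstlen,
                                int guard_short_input)
{
    unsigned short positions[256];
    uint32_t outpos = 0, pos = 0;

    /* The check under discussion: refuse inputs shorter than two bytes. */
    if (guard_short_input && *sourcelen < 2)
        return -1;

    memset(positions, 0, sizeof(positions));

    /* With *dstlen == 1, (*dstlen) - 2 is 0xFFFFFFFF, so this condition is
     * always true and the loop is bounded only by the input length. */
    while (pos < *sourcelen && outpos <= (*dstlen) - 2) {
        unsigned char value = data_in[pos];
        unsigned char runlen = 0;
        uint32_t backpos;

        cpage_out[outpos++] = data_in[pos++];   /* literal */
        backpos = positions[value];
        positions[value] = (unsigned short)pos;

        while (backpos < pos && pos < *sourcelen &&
               data_in[pos] == data_in[backpos] && runlen < 255) {
            backpos++;
            pos++;
            runlen++;
        }
        cpage_out[outpos++] = runlen;           /* run length */
    }

    if (outpos >= pos)
        return -1;   /* no gain; the write above has already happened */

    *sourcelen = pos;
    *dstlen = outpos;
    return 0;
}

/* Compress one byte into a one-byte output buffer (assumed caller sizing).
 * Returns how many bytes landed beyond that buffer, detected through canary
 * bytes placed after it in a larger backing array. */
static int bytes_written_past_buffer(int guard_short_input)
{
    unsigned char input[1] = { 0x41 };
    unsigned char backing[8];
    uint32_t sourcelen = 1, dstlen = 1;   /* one-byte output buffer */
    int i, overrun = 0;

    memset(backing, 0xCC, sizeof(backing));   /* canaries after byte 0 */
    rtime_compress_model(input, backing, &sourcelen, &dstlen,
                         guard_short_input);

    for (i = 1; i < (int)sizeof(backing); i++)
        if (backing[i] != 0xCC)
            overrun++;
    return overrun;
}

/* Normal case: the constructed input "AAAAB" compresses to A,3,B,0.
 * Returns the compressed length, or -1 if the compressor gave up. */
static int compress_sample_len(void)
{
    unsigned char input[5] = { 'A', 'A', 'A', 'A', 'B' };
    unsigned char out[5];
    uint32_t sourcelen = sizeof(input), dstlen = sizeof(out);

    if (rtime_compress_model(input, out, &sourcelen, &dstlen, 1) != 0)
        return -1;
    return (int)dstlen;
}

int main(void)
{
    printf("unguarded, 1-byte input: %d byte(s) past the buffer\n",
           bytes_written_past_buffer(0));
    printf("guarded,   1-byte input: %d byte(s) past the buffer\n",
           bytes_written_past_buffer(1));
    printf("\"AAAAB\" compresses to %d bytes\n", compress_sample_len());
    return 0;
}
```

Without the guard, the single iteration writes the literal and then the run length, and the second byte lands one past the one-byte buffer; the "no gain" return of -1 that follows does not undo the write. Whether that byte only hits slab padding, as the reply above argues, or is reported depends on the allocator and on instrumentation: KASAN redzones the unused tail of a kmalloc object beyond the requested size, so it flags a write there even when the slab object itself is larger. With the guard, the compressor returns -1 before touching the output buffer at all.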