    jfs: fix divide error in dbNextAG · 2cc7cc01
    Pavel Skripkin authored
    Syzbot reported a divide error in dbNextAG(). The problem was a missing
    validation check for a malicious image.
    
    Syzbot crafted an image with bmp->db_numag equal to 0. There weren't any
    validation checks, but dbNextAG() blindly uses bmp->db_numag in a divide
    expression.
    
    Fix it by validating bmp->db_numag in dbMount() and returning an error if
    the image is malicious.
    
    Fixes: 1da177e4 ("Linux-2.6.12-rc2")
    Reported-and-tested-by: syzbot+46f5c25af73eb8330eb6@syzkaller.appspotmail.com
    Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
    Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
jfs_dmap.c 111 KB
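
The pattern the commit message describes, validating an on-disk divisor once at mount time so later code can divide by it safely, shown as a user-space model. This is an added example, not the kernel patch: only the name db_numag comes from the commit message, while the 8-byte layout, the nfree field and the model_* functions are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: only the name db_numag comes from the commit message;
 * the 8-byte layout and the nfree field are invented for this example. */
struct bmap_model {
    uint32_t db_numag;  /* allocation-group count, attacker-controlled on disk */
    uint32_t nfree;     /* free-block count, also read from the image */
};

/* Decode a little-endian 32-bit field from untrusted image bytes. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Mount-time parse: reject the image before any later code can divide. */
static int model_mount(const uint8_t *img, size_t len, struct bmap_model *bmp)
{
    if (len < 8)
        return -EINVAL;             /* truncated control block */
    bmp->db_numag = le32(img);
    bmp->nfree = le32(img + 4);
    if (bmp->db_numag == 0)
        return -EINVAL;             /* would be a divide error later */
    return 0;
}

/* Later consumer: safe only because model_mount() already refused zero. */
static uint32_t model_avg_free(const struct bmap_model *bmp)
{
    return bmp->nfree / bmp->db_numag;
}

/* Constructed sample images (not taken from the syzbot reproducer). */
static const uint8_t img_bad[8]  = { 0, 0, 0, 0, 100, 0, 0, 0 };
static const uint8_t img_good[8] = { 4, 0, 0, 0, 100, 0, 0, 0 };

int main(void)
{
    struct bmap_model bmp;
    printf("bad image:  mount = %d\n", model_mount(img_bad, sizeof img_bad, &bmp));
    if (model_mount(img_good, sizeof img_good, &bmp) == 0)
        printf("good image: avg free per group = %u\n", model_avg_free(&bmp));
    return 0;
}
```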