Re: Several potential vulnerabilities in the filesystem

On 2024/6/5 19:18, Gao Xiang wrote: > Hi Jianqiang, > > On 2024/6/5 19:00, jianqiang wang wrote: >> Hi, >> >> I do have the crafted image. >> >> payload_00500, payload_00763, payload_00846 can be used to reproduce >> 1,2,3 vulnerabilities respectively. >> >> Each image is a hard drive file and the

[PATCH] fs/erofs: fix an overflow issue of unmapped extents

Here the size should be `length - skip`, otherwise it could cause the destination buffer overflow. Reported-by: jianqiang wang Fixes: 65cb73057b65 ("fs/erofs: add lz4 decompression support") Signed-off-by: Jianan Huang --- fs/erofs/data.c | 2 +- 1 file changed, 1 insertion(+),

Re: [PATCH v4 2/5] lib/lz4: update LZ4 decompressor module

Hi Jonathan, Could you please try the following patch ? It replaces all memcpy() calls in lz4 with __builtin_memcpy(). diff --git a/lib/lz4.c b/lib/lz4.c index d365dc727c..2afe31c1c3 100644 --- a/lib/lz4.c +++ b/lib/lz4.c @@ -34,6 +34,8 @@ #include #include +#define LZ4_memcpy(dst, src, size

[PATCH] fs/erofs: add DEFLATE algorithm support

This patch adds DEFLATE compression algorithm support. It's a good choice to trade off between compression ratios and performance compared to LZ4. Alternatively, DEFLATE could be used for some specific files since EROFS supports multiple compression algorithms in one image. Signed-off-by: J