fuse: Block access to folio overlimit - kernel - saturneric's kernel source tree

diff options

author	Edward Adam Davis <[email protected]>	2025-08-27 01:45:55 +0000
committer	Miklos Szeredi <[email protected]>	2025-08-27 12:29:43 +0000
commit	9d81ba6d49a7457784f0b6a71046818b86ec7e44 (patch)
tree	28f6865b462c86cf632ef866aa7338e562c0cff0 /drivers/fpga/zynq-fpga.c
parent	fuse: fix fuseblk i_blkbits for iomap partial writes (diff)
download	kernel-9d81ba6d49a7457784f0b6a71046818b86ec7e44.tar.gz kernel-9d81ba6d49a7457784f0b6a71046818b86ec7e44.zip

fuse: Block access to folio overlimit

syz reported a slab-out-of-bounds Write in fuse_dev_do_write. When the number of bytes to be retrieved is truncated to the upper limit by fc->max_pages and there is an offset, the oob is triggered. Add a loop termination condition to prevent overruns. Fixes: 3568a9569326 ("fuse: support large folios for retrieves") Reported-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=2d215d165f9354b9c4ea Tested-by: [email protected] Signed-off-by: Edward Adam Davis <[email protected]> Reviewed-by: Joanne Koong <[email protected]> Signed-off-by: Miklos Szeredi <[email protected]>

Diffstat (limited to 'drivers/fpga/zynq-fpga.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: