ntfs3: avoid memcpy size warning · tjh.dev/kernel@c3856bb

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

ntfs3: avoid memcpy size warning

There are more entries after the structure, use unsafe_memcpy() to avoid
this warning.

syzbot reported:
memcpy: detected field-spanning write (size 3656) of single field "hdr1" at fs/ntfs3/index.c:1927 (size 16)
Call Trace:
indx_insert_entry+0x1a0/0x460 fs/ntfs3/index.c:1996
ni_add_name+0x4dd/0x820 fs/ntfs3/frecord.c:2995
ni_rename+0x98/0x170 fs/ntfs3/frecord.c:3026
ntfs_rename+0xab9/0xf00 fs/ntfs3/namei.c:332

Reported-by: syzbot+3a1878433bc1cb97b42a@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3a1878433bc1cb97b42a
Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>

authored by

Lizhi Xu and committed by

Konstantin Komarov 4 months ago c3856bb4 5f33da04

+2 -1

1 changed file

expand all

ntfs3

index.c

+2 -1

fs/ntfs3/index.c

··· 1924 1924 * Undo critical operations. 1925 1925 */ 1926 1926 indx_mark_free(indx, ni, new_vbn >> indx->idx2vbn_bits); 1927 - memcpy(hdr1, hdr1_saved, used1); 1927 + unsafe_memcpy(hdr1, hdr1_saved, used1, 1928 + "There are entries after the structure"); 1928 1929 indx_write(indx, ni, n1, 0); 1929 1930 } 1930 1931