fs/ntfs3: Check if more than chunk-size bytes are written

An incorrectly formatted chunk may decompress into
more than LZNT_CHUNK_SIZE bytes and an index out of bounds
will occur in s_max_off.

Signed-off-by: Andrew Ballance <andrewjballance@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Andrew Ballance 2024-05-15 07:38:33 -05:00 committed by Konstantin Komarov
parent 556bdf27c2
commit 9931122d04
No known key found for this signature in database
GPG Key ID: A9B0331F832407B6

@ -236,6 +236,9 @@ static inline ssize_t decompress_chunk(u8 *unc, u8 *unc_end, const u8 *cmpr,
/* Do decompression until pointers are inside range. */ /* Do decompression until pointers are inside range. */
while (up < unc_end && cmpr < cmpr_end) { while (up < unc_end && cmpr < cmpr_end) {
// return err if more than LZNT_CHUNK_SIZE bytes are written
if (up - unc > LZNT_CHUNK_SIZE)
return -EINVAL;
/* Correct index */ /* Correct index */
while (unc + s_max_off[index] < up) while (unc + s_max_off[index] < up)
index += 1; index += 1;
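
Review bot: The index-correction loop right after the new check, "while (unc + s_max_off[index] < up) index += 1;", still has no bound on index itself, so the fix only holds if the last entry of s_max_off is at least LZNT_CHUNK_SIZE, which is not visible in this hunk. Consider also bounding the inner loop against ARRAY_SIZE(s_max_off), or adding a comment next to the check stating that invariant, so the guarantee stays local if the table or the chunk size ever changes. Style: the added comment uses "//" while the surrounding comments in this function use "/* ... */" (for example "/* Correct index */"); please match that, end the sentence with a period, and leave a blank line between "return -EINVAL;" and "/* Correct index */".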