[v1] bcachefs: Fix shift-out-of-bounds in bch2_stripe_to_text

[PATCH] bcachefs: Fix shift-out-of-bounds in bch2_stripe_to_text

Zhao Mengmeng posted 1 patch 2 months ago

Diff against v2 v3
Download mbox

There is a newer version of this series

fs/bcachefs/ec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Expand all Fold all

[PATCH] bcachefs: Fix shift-out-of-bounds in bch2_stripe_to_text

Posted by Zhao Mengmeng 2 months ago

From: Zhao Mengmeng <zhaomengmeng@kylinos.cn>

syzbot report a shift-out-of-bounds issue:
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in fs/bcachefs/ec.c:147:2
shift exponent 108 is too large for 32-bit type 'unsigned int'
----
Here s.csum_granularity_bits = 108, shift is impossible for unsigned
int, so modify the prt_printf() output to dump csum_granularity_bits
rather than the actual value.

Reported-by: syzbot+f8c98a50c323635be65d@syzkaller.appspotmail.com
Tested-by: syzbot+f8c98a50c323635be65d@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=f8c98a50c323635be65d
Signed-off-by: Zhao Mengmeng <zhaomengmeng@kylinos.cn>
---
 fs/bcachefs/ec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/bcachefs/ec.c b/fs/bcachefs/ec.c
index 141a4c63142f..2d5cd9d837f2 100644
--- a/fs/bcachefs/ec.c
+++ b/fs/bcachefs/ec.c
@@ -144,7 +144,7 @@ void bch2_stripe_to_text(struct printbuf *out, struct bch_fs *c,
 		   nr_data,
 		   s.nr_redundant);
 	bch2_prt_csum_type(out, s.csum_type);
-	prt_printf(out, " gran %u", 1U << s.csum_granularity_bits);
+	prt_printf(out, " gran 1<<%u", s.csum_granularity_bits);
 
 	for (unsigned i = 0; i < s.nr_blocks; i++) {
 		const struct bch_extent_ptr *ptr = sp->ptrs + i;
-- 
2.43.0