[PATCH] hfsplus: fix uninit-value in hfsplus_rename_cat

Tristan Madani posted 1 patch 1 month, 4 weeks ago
fs/hfsplus/inode.c | 2 ++
1 file changed, 2 insertions(+)
From: Tristan Madani <tristan@talencesecurity.com>

hfsplus_rename_cat() uses subfolder counts from the on-disk record
without zero-initializing the destination buffer when the else branch
is taken. This leads to KMSAN-detected use of uninitialized memory.

Zero-initialize the relevant fields in the else branch to prevent
reading uninitialized data.

Reported-by: syzbot+93f4402297a457fc6895@syzkaller.appspotmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Tristan Madani <tristan@talencesecurity.com>
---
 fs/hfsplus/inode.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/hfsplus/inode.c b/fs/hfsplus/inode.c
index d05891ec492e3..356847ab3abf2 100644
--- a/fs/hfsplus/inode.c
+++ b/fs/hfsplus/inode.c
@@ -592,6 +592,8 @@ int hfsplus_cat_read_inode(struct inode *inode, struct hfs_find_data *fd)
 		if (folder->flags & cpu_to_be16(HFSPLUS_HAS_FOLDER_COUNT)) {
 			HFSPLUS_I(inode)->subfolders =
 				be32_to_cpu(folder->subfolders);
+		} else {
+			HFSPLUS_I(inode)->subfolders = 0;
 		}
 		inode->i_op = &hfsplus_dir_inode_operations;
 		inode->i_fop = &hfsplus_dir_operations;
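Review bot: the subject and body describe a fix in hfsplus_rename_cat(), but the only hunk changes hfsplus_cat_read_inode(); the subject and first paragraph should name the function actually modified and then explain that hfsplus_rename_cat() is where the uninitialized subfolders value is consumed, otherwise the changelog does not match the diff. Two smaller points on the same hunk: the body says "when the else branch is taken", but the else branch is what this patch introduces, so describe the pre-patch state instead (folders without HFSPLUS_HAS_FOLDER_COUNT leave HFSPLUS_I(inode)->subfolders unset); and the Fixes: tag points at the initial tree import, whereas the subfolders field and the HFSPLUS_HAS_FOLDER_COUNT flag were added later, so the tag should name the commit that introduced them for correct stable backporting. It is also worth stating in the changelog whether zeroing here is sufficient or whether the field should be cleared wherever the in-memory inode is set up, so reviewers can confirm no other read path sees the stale value.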
-- 
2.47.3