[Bug 263811] ffs(4): Disk with garbage can cause crash in taste ffs crc32 code: panic: g_read_data(): invalid length -268744963

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 16 May 2022 20:18:50 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263811

--- Comment #4 from Kirk McKusick <mckusick@FreeBSD.org> ---
(In reply to Robert Morris from comment #3)
Right. The lower bound test should be fs->fs_sbsize < fs->fs_fsize since a
zero-length superblock size would be wrong.

I am working on some other feedback about problems that the checks cause. I
will do an update to the patch when I have figured them out.

Thanks for your help in identifying and fixing these vulnerabilities.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.