From: Yang Chenzhi <yang.chenzhi@xxxxxxxx>

When running syzbot with a crafted HFS/HFS+ disk image containing invalid
record offsets or lengths, the filesystem may hang. For example, in this
case syzbot set the header's second record offset to 0x7f00 while
node_size is 4096. HFS/HFS+ failed to detect this fault, which eventually
led to a crash.

Since HFS/HFS+ makes heavy use of hfs_brec_lenoff, adding manual
offset/length checks at every call site would be tedious and error-prone.
Instead, it may be more robust to introduce validation directly inside
hfs_brec_lenoff (or at a similar central point), ensuring that all
callers can safely rely on the returned offset and length without
additional checks.

Yang Chenzhi (1):
  hfs: validate record offset in hfsplus_bmap_alloc

 fs/hfsplus/bnode.c      | 41 ----------------------------------------
 fs/hfsplus/btree.c      |  6 ++++++
 fs/hfsplus/hfsplus_fs.h | 42 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 48 insertions(+), 41 deletions(-)

-- 
2.43.0
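The following is an added user-space example, not part of this series and not the kernel's hfs_brec_lenoff; it models the central-validation idea from the cover letter so the failure mode can be seen outside the kernel. It assumes the HFS/HFS+ node layout as generally described: a 14-byte node descriptor (num_recs at byte 10) followed by records, with a table of big-endian u16 record offsets growing backwards from the end of the node, where entry num_recs marks the start of the free space so record i spans [off_i, off_i+1). The node images, record lengths and every function name here (brec_lenoff_unchecked, brec_lenoff_checked, build_node, rec_len and friends) are constructed for the example; the crafted node reproduces only the reported condition of a second record offset of 0x7f00 in a 4096-byte node.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NODE_DESC_SIZE 14   /* node descriptor: next, prev, type, height, num_recs, reserved */

/* Assumed user-space model of a B-tree node: the raw node bytes plus the
 * record count read from its descriptor (constructed, not kernel code). */
struct model_node {
    uint8_t *data;
    uint16_t node_size;
    uint16_t num_recs;
};

static uint16_t rd_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Unchecked model of hfs_brec_lenoff(): trusts the on-disk offset table.
 * Record i starts at the big-endian u16 at node_size - 2*(i+1); with a
 * crafted entry the u16 subtraction wraps to a length larger than the node. */
static uint16_t brec_lenoff_unchecked(const struct model_node *n, uint16_t rec, uint16_t *off)
{
    const uint8_t *entry = n->data + n->node_size - (rec + 2) * 2;
    uint16_t next_off = rd_be16(entry);       /* start of record rec+1 (or free space) */
    *off = rd_be16(entry + 2);                /* start of record rec */
    return (uint16_t)(next_off - *off);
}

/* Checked variant with the same contract, returning -1 (and leaving *off
 * untouched) when the table is inconsistent with node_size, so every caller
 * can rely on a non-negative result without repeating the checks itself. */
static int brec_lenoff_checked(const struct model_node *n, uint16_t rec, uint16_t *off)
{
    uint32_t table_bytes = 2u * (n->num_recs + 1u);   /* offset table size at node end */
    uint16_t table_start, this_off, next_off;

    if (n->node_size < NODE_DESC_SIZE || rec >= n->num_recs ||
        table_bytes > (uint32_t)n->node_size - NODE_DESC_SIZE)
        return -1;
    table_start = (uint16_t)(n->node_size - table_bytes);
    next_off = rd_be16(n->data + n->node_size - (rec + 2) * 2);
    this_off = rd_be16(n->data + n->node_size - (rec + 1) * 2);
    /* Records live between the descriptor and the offset table, in order. */
    if (this_off < NODE_DESC_SIZE || next_off < this_off || next_off > table_start)
        return -1;
    *off = this_off;
    return next_off - this_off;
}

/* Build a constructed node (not a real on-disk image) with records of the
 * given lengths laid out back to back after the descriptor; caller keeps
 * the total small enough to fit in front of the offset table. */
static struct model_node *build_node(uint16_t node_size, const uint16_t *lens, uint16_t num_recs)
{
    struct model_node *n = calloc(1, sizeof(*n));
    uint32_t pos = NODE_DESC_SIZE, i;

    if (!n || !(n->data = calloc(node_size, 1))) abort();
    n->node_size = node_size;
    n->num_recs = num_recs;
    wr_be16(n->data + 10, num_recs);                  /* num_recs field of the descriptor */
    for (i = 0; i <= num_recs; i++) {                 /* entry num_recs marks the free space */
        wr_be16(n->data + node_size - 2 * (i + 1), (uint16_t)pos);
        if (i < num_recs)
            pos += lens[i];
    }
    return n;
}

static void free_node(struct model_node *n) { free(n->data); free(n); }

/* A valid 4096-byte node with three records (offsets 14, 30, 54, free at 94),
 * and the same node with its second record offset overwritten with 0x7f00. */
static const uint16_t rec_lens[3] = { 16, 24, 40 };

static struct model_node *build_good_node(void) { return build_node(4096, rec_lens, 3); }

static struct model_node *build_crafted_node(void)
{
    struct model_node *n = build_good_node();
    wr_be16(n->data + 4096 - 2 * 2, 0x7f00);          /* offset table entry of record 1 */
    return n;
}

/* Length of record rec in the good (crafted == 0) or crafted node, through
 * the checked model (-1 on rejection) or the unchecked one. */
static int rec_len(int crafted, int checked, uint16_t rec)
{
    struct model_node *n = crafted ? build_crafted_node() : build_good_node();
    uint16_t off;
    int len = checked ? brec_lenoff_checked(n, rec, &off)
                      : (int)brec_lenoff_unchecked(n, rec, &off);
    free_node(n);
    return len;
}

int main(void)
{
    uint16_t rec;
    for (rec = 0; rec < 3; rec++)
        printf("rec %u: good %d, crafted unchecked %d, crafted checked %d\n",
               rec, rec_len(0, 1, rec), rec_len(1, 0, rec), rec_len(1, 1, rec));
    return 0;
}
```

Two things the model shows that the description alone does not: the unchecked subtraction for the crafted record wraps to 33078 bytes, well past the 4096-byte node, which is the kind of value a caller then feeds to a copy or a lookup; and the corruption is caught for both records that share the bad table entry (record 0, whose end offset is now 0x7f00, and record 1, whose start is), while the untouched record 2 is still returned normally, which is the property a single central check has to provide if call sites are to stop re-validating.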