On Mon, 2025-08-18 at 22:17 +0800, Chenzhi Yang wrote:
> From: Yang Chenzhi <yang.chenzhi@xxxxxxxx>
>
> When running syzbot with a crafted HFS/HFS+ disk image containing
> invalid record offsets or lengths, the filesystem may hang. For
> example, in this case syzbot set the header’s second record offset
> to 0x7f00 while node_size is 4096. HFS/HFS+ failed to detect this
> fault, which eventually led to a crash.
>

HFS has a 512-byte b-tree node size.

> Since HFS/HFS+ makes heavy use of hfs_brec_lenoff, adding manual
> offset/length checks at every call site would be tedious and
> error-prone.
>

You are mentioning HFS here. But you've shared a fix only for HFS+.
Are you planning to share the fix for HFS too?

Thanks,
Slava.

> Instead, it may be more robust to introduce validation directly
> inside hfs_brec_lenoff (or at a similar central point), ensuring
> that all callers can safely rely on the returned offset and length
> without additional checks.
>
> Yang Chenzhi (1):
>   hfs: validate record offset in hfsplus_bmap_alloc
>
>  fs/hfsplus/bnode.c      | 41 ----------------------------------------
>  fs/hfsplus/btree.c      |  6 ++++++
>  fs/hfsplus/hfsplus_fs.h | 42 +++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 48 insertions(+), 41 deletions(-)
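The cover letter argues for validating record offset and length once, at the central getter, instead of at every caller. The following is an added, user-space illustration of that idea; it is not Chenzhi Yang's patch and not code from fs/hfsplus. It models the HFS+ node layout (a 14-byte node descriptor, then record data, then big-endian u16 record offsets growing backwards from the end of the node, num_recs + 1 entries with the last one marking free space) and compares an unchecked getter with a checked one (`checked_lenoff`, a hypothetical name) on a constructed node whose second offset is set to 0x7f00 with node_size 4096, as in the report.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not kernel code: user-space model of an HFS+ b-tree node.
 * Assumed layout: 14-byte node descriptor, record data, then a table of
 * big-endian u16 offsets growing backwards from the node end; entry i is at
 * node_size - (i + 1) * 2 and there are num_recs + 1 entries, the last one
 * being the start of free space. */
#define NODE_DESC_LEN 14u

struct model_bnode {
	uint16_t node_size;
	uint16_t num_recs;
	uint8_t *data;
};

static uint16_t rd_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Unchecked getter: the arithmetic described in the cover letter, no
 * validation. On a corrupted table the subtraction silently wraps. */
static uint16_t unchecked_lenoff(const struct model_bnode *n, uint16_t rec, uint16_t *off)
{
	size_t dataoff = (size_t)n->node_size - ((size_t)rec + 2) * 2;
	uint16_t next = rd_be16(n->data + dataoff);

	*off = rd_be16(n->data + dataoff + 2);
	return (uint16_t)(next - *off);
}

/* Checked getter (hypothetical name): validates the offset pair once, so
 * callers can trust *off and *len. Returns 0 on success, -1 if invalid. */
static int checked_lenoff(const struct model_bnode *n, uint16_t rec, uint16_t *off, uint16_t *len)
{
	size_t table_bytes = ((size_t)n->num_recs + 1) * 2, table_start;
	uint16_t cur, next;

	if (rec >= n->num_recs)
		return -1;
	if (table_bytes > n->node_size || n->node_size - table_bytes < NODE_DESC_LEN)
		return -1;		/* offset table does not fit in the node */
	table_start = n->node_size - table_bytes;
	cur = rd_be16(n->data + n->node_size - ((size_t)rec + 1) * 2);
	next = rd_be16(n->data + n->node_size - ((size_t)rec + 2) * 2);
	if (cur < NODE_DESC_LEN || next < cur || next > table_start)
		return -1;		/* overlaps descriptor, wraps, or runs into table */
	*off = cur;
	*len = (uint16_t)(next - cur);
	return 0;
}

/* Build a node from a constructed offset table of num_recs + 1 entries. */
static void build_node(struct model_bnode *n, uint8_t *buf, uint16_t node_size,
		       const uint16_t *offs, uint16_t num_recs)
{
	uint16_t i;

	memset(buf, 0, node_size);
	for (i = 0; i <= num_recs; i++)
		wr_be16(buf + node_size - ((size_t)i + 1) * 2, offs[i]);
	n->node_size = node_size;
	n->num_recs = num_recs;
	n->data = buf;
}

/* Constructed tables for a 4096-byte node with three records. The second
 * mirrors the report: record 1's offset replaced by 0x7f00. */
static const uint16_t sane_offs[] = { 14, 120, 248, 4088 };
static const uint16_t bad_offs[]  = { 14, 0x7f00, 248, 4088 };

/* Checked length of record 1 in the sane node: 128. */
int demo_sane_len(void)
{
	uint8_t buf[4096]; struct model_bnode n; uint16_t off, len;

	build_node(&n, buf, 4096, sane_offs, 3);
	return checked_lenoff(&n, 1, &off, &len) ? -1 : len;
}

/* Checked getter on the corrupted node rejects record 1: -1. */
int demo_bad_checked(void)
{
	uint8_t buf[4096]; struct model_bnode n; uint16_t off, len;

	build_node(&n, buf, 4096, bad_offs, 3);
	return checked_lenoff(&n, 1, &off, &len);
}

/* Unchecked getter on the same node returns a wrapped length: 33272. */
unsigned int demo_bad_unchecked(void)
{
	uint8_t buf[4096]; struct model_bnode n; uint16_t off;

	build_node(&n, buf, 4096, bad_offs, 3);
	return unchecked_lenoff(&n, 1, &off);
}

int main(void)
{
	printf("sane rec1 len=%d\n", demo_sane_len());
	printf("corrupt rec1: checked=%d unchecked=%u\n", demo_bad_checked(), demo_bad_unchecked());
	return 0;
}
```

The three checks in `checked_lenoff` cover the failure modes a corrupted offset table can produce: a record starting inside the node descriptor, a "next" offset smaller than the current one (which is what turns 248 - 0x7f00 into the wrapped 33272 in the unchecked variant), and a record extending into the offset table itself. Because the checks key off node_size and num_recs, the same routine would apply to a 512-byte HFS node as well as a 4096-byte HFS+ one.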