Syzbot reported a KMSAN uninit-value issue in ovl_fill_real and it was
allocated from fscrypt_fname_alloc_buffer. Fixed it by kzalloc.
The call chain is:
__do_sys_getdents64()
-> iterate_dir()
...
-> ext4_readdir()
-> fscrypt_fname_alloc_buffer() // alloc
-> dir_emit()
-> ovl_fill_real() // use by strcmp()
Reported-by: [email protected]
Close: https://syzkaller.appspot.com/bug?extid=d130f98b2c265fae5297
Signed-off-by: Qing Wang <[email protected]>
---
fs/crypto/fname.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
index a9a4432d12ba..ba8282b96a2e 100644
--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -220,7 +220,7 @@ int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
u32 max_presented_len = max_t(u32, FSCRYPT_NOKEY_NAME_MAX_ENCODED,
max_encrypted_len);
- crypto_str->name = kmalloc(max_presented_len + 1, GFP_NOFS);
+ crypto_str->name = kzalloc(max_presented_len + 1, GFP_NOFS);
if (!crypto_str->name)
return -ENOMEM;
crypto_str->len = max_presented_len;
--
2.34.1
