tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

lib: decompress_bunzip2: fix 32-bit shift undefined behavior

Fix undefined behavior caused by shifting a 32-bit integer by 32 bits
during decompression. This prevents potential kernel decompression
failures or corruption when parsing malicious or malformed bzip2 archives.

Link: https://lkml.kernel.org/r/20260308165012.2872633-1-objecting@objecting.org
Signed-off-by: Josh Law <objecting@objecting.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

Josh Law and committed by
Andrew Morton d4dba3b9 b02da26a

+2 -2
+2 -2
lib/decompress_bunzip2.c
··· 135 135 } 136 136 /* Avoid 32-bit overflow (dump bit buffer to top of output) */ 137 137 if (bd->inbufBitCount >= 24) { 138 - bits = bd->inbufBits&((1 << bd->inbufBitCount)-1); 138 + bits = bd->inbufBits & ((1ULL << bd->inbufBitCount) - 1); 139 139 bits_wanted -= bd->inbufBitCount; 140 140 bits <<= bits_wanted; 141 141 bd->inbufBitCount = 0; ··· 146 146 } 147 147 /* Calculate result */ 148 148 bd->inbufBitCount -= bits_wanted; 149 - bits |= (bd->inbufBits >> bd->inbufBitCount)&((1 << bits_wanted)-1); 149 + bits |= (bd->inbufBits >> bd->inbufBitCount) & ((1ULL << bits_wanted) - 1); 150 150 151 151 return bits; 152 152 }