In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix OOB in nilfssetde_type
The size of the nilfstypebymode array in the fs/nilfs2/dir.c file is defined as "SIFMT >> SSHIFT", but the nilfssetdetype() function, which uses this array, specifies the index to read from the array in the same way as "(mode & SIFMT) >> SSHIFT".
static void nilfssetdetype(struct nilfsdirentry *de, struct inode *inode) { umodet mode = inode->i_mode;
de->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob
}
However, when the index is determined this way, an out-of-bounds (OOB) error occurs by referring to an index that is 1 larger than the array size when the condition "mode & SIFMT == SIFMT" is satisfied. Therefore, a patch to resize the nilfstypeby_mode array should be applied to prevent OOB errors.