xfs: check for underflow in xfs_iformat_fork()
author Dan Carpenter <dan.carpenter@oracle.com>
Thu, 15 Aug 2013 05:53:38 +0000 (08:53 +0300)
committer Ben Myers <bpm@sgi.com>
Mon, 26 Aug 2013 16:28:08 +0000 (11:28 -0500)
The "di_size" variable comes from the disk and it's a signed 64 bit.
We check the upper limit but we should check for negative numbers as
well.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Ben Myers <bpm@sgi.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
fs/xfs/xfs_inode_fork.c

index 2b60a5a2ae532288a41f1a0aee62119a05d4372c..02f1083955bb1dfa19c295adea18b663b25f93f7 100644 (file)
@@ -167,7 +167,8 @@ xfs_iformat_fork(
                        }
 
                        di_size = be64_to_cpu(dip->di_size);
-                       if (unlikely(di_size > XFS_DFORK_DSIZE(dip, ip->i_mount))) {
+                       if (unlikely(di_size < 0 ||
+                                    di_size > XFS_DFORK_DSIZE(dip, ip->i_mount))) {
                                xfs_warn(ip->i_mount,
                        "corrupt inode %Lu (bad size %Ld for local inode).",
                                        (unsigned long long) ip->i_ino,
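
Review bot: the added di_size < 0 test in the local-inode size check is only effective if the local di_size is declared with a signed 64-bit type, and that declaration is outside this hunk. be64_to_cpu() returns an unsigned 64-bit value, so if the local were unsigned the new comparison would always be false and a huge on-disk value would be caught only by the upper-bound test. Please confirm the declaration matches the "signed 64 bit" description in the commit message. The %Ld in the warning already prints a signed value, so a negative size will show up readably in the log. Minor wording point: the subject line says "underflow", but what the condition rejects is a negative size read from disk, so "check for negative di_size" would describe the change more exactly.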