swapfile: fix memory corruption via malformed swapfile
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / mm / swapfile.c
index 746af55b8455ce0e9280b81c78e0ee5f2316f5d4..d0a89838b99a0d1e2ff692fc09fcb7d33f8f60e8 100644 (file)
@@ -1922,6 +1922,8 @@ static unsigned long read_swap_header(struct swap_info_struct *p,
                swab32s(&swap_header->info.version);
                swab32s(&swap_header->info.last_page);
                swab32s(&swap_header->info.nr_badpages);
+               if (swap_header->info.nr_badpages > MAX_SWAP_BADPAGES)
+                       return 0;
                for (i = 0; i < swap_header->info.nr_badpages; i++)
                        swab32s(&swap_header->info.badpages[i]);
        }