openharmony/third_party_f2fs-tools
1
0
Fork 0
mirror of https://gitee.com/openharmony/third_party_f2fs-tools synced 2024-11-23 10:10:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fsck.f2fs: sanity check segno and blk_off when building curseg array

Browse Source 
segno and blk_off were read from input image without sanity check. This
could lead to buffer overflow when accessing internal arrays like SIT
sentries and seg_entry cur_valid_map.

Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
This commit is contained in:
Jin Qian 2017-04-27 15:45:28 -07:00 committed by Jaegeuk Kim
parent b79c3ba4ea
commit 892e1542e7
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fsck/mount.c
View File

@ -1130,6 +1130,9 @@ static void build_curseg(struct f2fs_sb_info *sbi)
blk_off = get_cp(cur_node_blkoff[i - CURSEG_HOT_NODE]);
segno = get_cp(cur_node_segno[i - CURSEG_HOT_NODE]);
}
ASSERT(segno < TOTAL_SEGS(sbi));
ASSERT(blk_off < DEFAULT_BLOCKS_PER_SEGMENT);
array[i].segno = segno;
array[i].zone = GET_ZONENO_FROM_SEGNO(sbi, segno);
array[i].next_segno = NULL_SEGNO;