fsck.f2fs: fix cur_valid_map buffer overflow

blk_off is read from the image. An attacker can construct an image with a big
blk_off that triggers an overflow on se->cur_valid_map.

Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Jin Qian 2017-04-18 10:58:05 -07:00 committed by Jaegeuk Kim
parent 0f9e1e23da
commit 8a51985120

@ -1804,6 +1804,8 @@ int check_curseg_offset(struct f2fs_sb_info *sbi)
struct seg_entry *se;
int j, nblocks;
if ((curseg->next_blkoff >> 3) >= SIT_VBLOCK_MAP_SIZE)
return -EINVAL;
se = get_seg_entry(sbi, curseg->segno);
if (f2fs_test_bit(curseg->next_blkoff,
(const char *)se->cur_valid_map)) {
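Review bot: The new bounds check on curseg->next_blkoff returns -EINVAL without reporting which current segment or offset failed, so someone running fsck on a corrupted or crafted image gets no indication of why the check stopped. Consider printing curseg->segno and the offending next_blkoff before the return. A short comment above `if ((curseg->next_blkoff >> 3) >= SIT_VBLOCK_MAP_SIZE)` would also help: the shift turns a bit index into a byte index of se->cur_valid_map, and the value comes from the image, so it has to be validated before f2fs_test_bit() reads the map. The commit message calls the field blk_off while the code checks next_blkoff; using the same name in both would make the fix easier to find later.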