When I did fsck a filesystem with large blocksize(greater than 8192), segmentation fault occured. The cause is the size of b_data array that is defined as a fixed size in buffer_head structure. (File: e2fsck/jfs_user.h) struct buffer_head { char b_data[8192]; e2fsck_t b_ctx; io_channel b_io; int b_size; blk_t b_blocknr; int b_dirty; int b_uptodate; int b_err; }; It is unreasonable, because if the blocksize is greater than 8192, b_data will overflow and the other variable would be changed, then if we touch those variable, segmentation fault occurs. This patch fixes this bug.
Signed-off-by: Miao Xie <miaox@xxxxxxxxxxxxxx>
---
 e2fsck/jfs_user.h | 2 +-
 e2fsck/journal.c | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/e2fsck/jfs_user.h b/e2fsck/jfs_user.h
index 0e4f951..f042218 100644
--- a/e2fsck/jfs_user.h
+++ b/e2fsck/jfs_user.h
@@ -15,7 +15,7 @@
 #include "e2fsck.h"
 struct buffer_head {
- char b_data[8192];
+ char * b_data;
 e2fsck_t b_ctx;
 io_channel b_io;
 int b_size;
diff --git a/e2fsck/journal.c b/e2fsck/journal.c
index 10f5095..ca7a4c3 100644
--- a/e2fsck/journal.c
+++ b/e2fsck/journal.c
@@ -73,6 +73,12 @@ struct buffer_head *getblk(kdev_t kdev, blk_t blocknr, int blocksize)
 if (!bh)
 return NULL;
+ bh->b_data = e2fsck_allocate_memory(kdev->k_ctx, blocksize,
+ "block buffer b_data");
+ if (!bh->b_data) {
+ ext2fs_free_mem(&bh);
+ return NULL;
+ }
 #ifdef CONFIG_JBD_DEBUG
 if (journal_enable_debug >= 3)
 bh_count++;
@@ -163,6 +169,8 @@ void brelse(struct buffer_head *bh)
 ll_rw_block(WRITE, 1, &bh);
 jfs_debug(3, "freeing block %lu/%p (total %d)\n",
 (unsigned long) bh->b_blocknr, (void *) bh, --bh_count);
+ if (bh->b_data)
+ ext2fs_free_mem(&bh->b_data);
 ext2fs_free_mem(&bh);
 }
-- 
1.5.4.rc3
-- 
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
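Review bot: Turning `b_data` from an inline array into a pointer changes what `sizeof(bh->b_data)` means, so any remaining use of it elsewhere in e2fsck (the hunk shows only the declaration; the rest of `struct buffer_head` continues past it) would now silently yield the pointer size instead of the buffer size, which is exactly the kind of length confusion this patch is fixing — worth a grep before merging, with `b_size` as the only length authority. The field is heap storage now owned by the `getblk()`/`brelse()` pair in journal.c, which the declaration should say: `char *b_data; /* heap buffer, allocated in getblk(), freed in brelse() */`. As a point of style, the declarator binds to the name, so `char *b_data;` rather than `char * b_data;`, matching the surrounding fields.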
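Review bot: The new `if (!bh->b_data)` branch is, as far as I recall, unreachable, because e2fsck_allocate_memory reports allocation failure through fatal_error rather than returning NULL; it is harmless and mirrors the existing `if (!bh)` check just above, but if the intent is a recoverable failure the allocation would have to go through an allocator that actually returns NULL. The freeing side in brelse() uses ext2fs_free_mem, so the patch relies on both allocators being plain malloc/free underneath, as the pre-existing `ext2fs_free_mem(&bh)` on the bh itself already does — a one-line comment on the allocation saying so would save the next reader the check. `blocksize` is a signed int that reaches the allocator unvalidated; unless every caller already guarantees a positive value, `if (blocksize <= 0) return NULL;` ahead of the allocation would be a cheap guard. getblk() starts before this hunk (only its signature is visible in the hunk header) and continues after it.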
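Review bot: The `if (bh->b_data)` guard in brelse() is redundant: after the getblk() change every buffer_head that reaches brelse() carries a non-NULL `b_data` (getblk() returns NULL instead of handing out a bh without one), and ext2fs_free_mem, which I believe ends in free(), already treats a NULL pointer as a no-op. The two added lines can collapse to `ext2fs_free_mem(&bh->b_data);`. The ordering is right, though — the block is written back through ll_rw_block() before its buffer is released — and that is worth a short comment since the dependency is easy to break when reordering later: `/* b_data must outlive the ll_rw_block() write above */`. brelse() begins outside this hunk; only its tail is visible here.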