ext2fs_validate_entry would read beyond the end of the block to get dirent->rec_len for certain arguments (like if blocksize == final_offset). This patch adds a check so that doesn't happen, and changes the types of the arguments to avoid a compiler warning. Signed-off-by: Nic Case <number9652@xxxxxxxxx> diff --git a/e2fsprogs-1.41.5-orig/lib/ext2fs/dir_iterate.c b/e2fsprogs-1.41.5/lib/ext2fs/dir_iterate.c index 1f8cf8f..6be066c 100644 --- a/e2fsprogs-1.41.5-orig/lib/ext2fs/dir_iterate.c +++ b/e2fsprogs-1.41.5/lib/ext2fs/dir_iterate.c @@ -29,13 +29,15 @@ * undeleted entry. Returns 1 if the deleted entry looks valid, zero * if not valid. */ -static int ext2fs_validate_entry(ext2_filsys fs, char *buf, int offset, - int final_offset) +static int ext2fs_validate_entry(ext2_filsys fs, char *buf, + unsigned int offset, + unsigned int final_offset) { struct ext2_dir_entry *dirent; int rec_len; + int dirent_min_len = 12; - while (offset < final_offset) { + while (offset < final_offset && offset <= fs->blocksize - dirent_min_len) { dirent = (struct ext2_dir_entry *)(buf + offset); rec_len = (dirent->rec_len || fs->blocksize < 65536) ? dirent->rec_len : 65536;
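Review bot: the new loop condition compares the now-unsigned `offset` against `fs->blocksize - dirent_min_len`, where `dirent_min_len` is a plain `int` holding an unexplained literal 12. Since `offset` and `final_offset` were changed to `unsigned int` to avoid a compiler warning, declare the bound with a matching type, for example `const unsigned int dirent_min_len = 12;`, and add a comment saying what those 12 bytes cover (or use an existing macro for the minimum entry size if the tree has one). `rec_len` also stays `int` while the offsets it is used with are now unsigned, so it is worth confirming that the rest of the loop, which this hunk does not show, still behaves correctly with that mix. The comment above the function could also note that an entry starting within the last `dirent_min_len` bytes of the block is no longer examined.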