On Tue 06-12-16 15:59:01, Darrick J. Wong wrote:
> Don't load an inode with a negative size; this causes integer overflow
> problems in the VFS.
>
> Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
Thanks, I've added the patch to my tree.
Honza
> ---
> fs/ext2/inode.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/fs/ext2/inode.c b/fs/ext2/inode.c
> index 41b8b44..01f6d4b 100644
> --- a/fs/ext2/inode.c
> +++ b/fs/ext2/inode.c
> @@ -1476,6 +1476,10 @@ struct inode *ext2_iget (struct super_block *sb, unsigned long ino)
> inode->i_size |= ((__u64)le32_to_cpu(raw_inode->i_size_high)) << 32;
> else
> ei->i_dir_acl = le32_to_cpu(raw_inode->i_dir_acl);
> + if (i_size_read(inode) < 0) {
> + ret = -EFSCORRUPTED;
> + goto bad_inode;
> + }
> ei->i_dtime = 0;
> inode->i_generation = le32_to_cpu(raw_inode->i_generation);
> ei->i_state = 0;
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
