Re: [PATCH] hfs: fix array out of bounds read of array extent

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 31, 2018 at 03:05:38PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> 
> Currently extent and index i are both being incremented causing
> an array out of bounds read on extent[i]. Fix this by removing
> the extraneous increment of extent.
> 
> Detected by CoverityScan, CID#711541 ("Out of bounds read")
> 
> Fixes: d1081202f1d0 ("HFS rewrite")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>

I don't think this got picked up yet; let's see if I can help.

Reviewed-by: Ernesto A. Fernández <ernesto.mnd.fernandez@xxxxxxxxx>

> ---
>  fs/hfs/extent.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/hfs/extent.c b/fs/hfs/extent.c
> index 5d0182654580..636cdfcecb26 100644
> --- a/fs/hfs/extent.c
> +++ b/fs/hfs/extent.c
> @@ -300,7 +300,7 @@ int hfs_free_fork(struct super_block *sb, struct hfs_cat_file *file, int type)
>  		return 0;
>  
>  	blocks = 0;
> -	for (i = 0; i < 3; extent++, i++)
> +	for (i = 0; i < 3; i++)
>  		blocks += be16_to_cpu(extent[i].count);
>  
>  	res = hfs_free_extents(sb, extent, blocks, blocks);
> -- 
> 2.17.1
> 



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux