On Thu, 2012-11-22 at 15:33 +0300, Dan Carpenter wrote: > It's actually dn->size that we care about here. That's not checked > in ubifs_check_node(). :( It may be checked somewhere else, I'm > still looking. Wow, despite us trying to be very careful about validating what we read from flash, it seems we indeed never validate 'size'... Let me invent a fix for this, which should also be sent to -stable. Thanks! -- Best Regards, Artem Bityutskiy
Attachment:
signature.asc
Description: This is a digitally signed message part
