From: fishland <liu.song11@xxxxxxxxxx>
Even though we protect on-flash data by CRC checksums,
we still don't trust the media. If lnum is not 0 or 1,
access exceed array boundary can lead to bad situation.
Signed-off-by: Liu Song <liu.song11@xxxxxxxxxx>
Reviewed-by: Jiang Biao <jiang.biao2@xxxxxxxxxx>
---
drivers/mtd/ubi/vtbl.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/mtd/ubi/vtbl.c b/drivers/mtd/ubi/vtbl.c
index 94d7a86..64a2937 100644
--- a/drivers/mtd/ubi/vtbl.c
+++ b/drivers/mtd/ubi/vtbl.c
@@ -410,6 +410,10 @@ static struct ubi_vtbl_record *process_lvol(struct ubi_device *ubi,
/* Read both LEB 0 and LEB 1 into memory */
ubi_rb_for_each_entry(rb, aeb, &av->root, u.rb) {
+ if (aeb->lnum != 0 && aeb->lnum != 1) {
+ ubi_warn(ubi, "volume store in LEB %d", aeb->lnum);
+ continue;
+ }
leb[aeb->lnum] = vzalloc(ubi->vtbl_size);
if (!leb[aeb->lnum]) {
err = -ENOMEM;
--
2.1.0.GIT
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
[PATCH] mtd/ubi: Make sure to read volume record from LEB 0 or LEB 1
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [PATCH] mtd/ubi: Make sure to read volume record from LEB 0 or LEB 1
- From: Liu Song <liu.song11@xxxxxxxxxx>
- Date: Mon, 20 Aug 2018 14:09:05 +0800
- Cc: jiang.biao2@xxxxxxxxxx, linux-mtd@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, zhong.weidong@xxxxxxxxxx, liu.song11@xxxxxxxxxx
- Follow-Ups:
- Re: [PATCH] mtd/ubi: Make sure to read volume record from LEB 0 or LEB 1
- From: Richard Weinberger
- Re: [PATCH] mtd/ubi: Make sure to read volume record from LEB 0 or LEB 1
- Prev by Date: [PATCH] UBIFS: Fix typo of output in get_cs_sqnum
- Next by Date: Re: [EXT] Re: nand speed test
- Previous by thread: [PATCH] UBIFS: Fix typo of output in get_cs_sqnum
- Next by thread: Re: [PATCH] mtd/ubi: Make sure to read volume record from LEB 0 or LEB 1
- Index(es):
 |