[CC-ing linux-xfs mailing list] On Sat, May 25, 2024 at 12:41:19 AM +0800, lei lu wrote: > Add a check to make sure xfs_dir2_data_unused and xfs_dir2_data_entry > don't stray beyond valid memory region. > > Tested-by: lei lu <llfamsec@xxxxxxxxx> > Signed-off-by: lei lu <llfamsec@xxxxxxxxx> Also adding the missing RVB from Darrick, Reviewed-by: Darrick J. Wong <djwong@xxxxxxxxxx> > --- > fs/xfs/libxfs/xfs_dir2_data.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/fs/xfs/libxfs/xfs_dir2_data.c b/fs/xfs/libxfs/xfs_dir2_data.c > index dbcf58979a59..08c18e0c1baa 100644 > --- a/fs/xfs/libxfs/xfs_dir2_data.c > +++ b/fs/xfs/libxfs/xfs_dir2_data.c > @@ -178,6 +178,9 @@ __xfs_dir3_data_check( > struct xfs_dir2_data_unused *dup = bp->b_addr + offset; > struct xfs_dir2_data_entry *dep = bp->b_addr + offset; > > + if (offset + sizeof(*dup) > end) > + return __this_address; > + > /* > * If it's unused, look for the space in the bestfree table. > * If we find it, account for that, else make sure it > @@ -210,6 +213,10 @@ __xfs_dir3_data_check( > lastfree = 1; > continue; > } > + > + if (offset + sizeof(*dep) > end) > + return __this_address; > + > /* > * It's a real entry. Validate the fields. > * If this is a block directory then make sure it's -- Chandan
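Review bot: The first added check, `if (offset + sizeof(*dup) > end)` at the top of the loop body in `__xfs_dir3_data_check()` (hunk `@@ -178,6 +178,9`), has no comment, while the code directly below it explains each step in a block comment. Add a short comment stating that the fixed-size record at `offset` must lie entirely before `end` before `dup` is dereferenced, so the intent is clear to the next reader of the verifier. The check bounds only `sizeof(*dup)`. The visible context does not show where the length stored in the unused record is compared against `end`, so confirm that the code following the "look for the space in the bestfree table" comment rejects a record whose own length runs past `end`.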
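Review bot: The second added check, `if (offset + sizeof(*dep) > end)` just before the "It's a real entry. Validate the fields." comment (hunk `@@ -210,6 +213,10`), bounds only the declared size of `struct xfs_dir2_data_entry`. If the on-disk entry extends past that (for example a name whose length is read from the entry itself), the field validation that follows still needs to compare the full entry size against `end` before touching those bytes. State in the commit message or in a comment whether that later check exists, or bound against the minimum on-disk entry size here instead of `sizeof(*dep)`. This hunk also lacks a comment. One line noting that it runs only after the unused-record branch has ended in `continue` would explain why the two structures are checked separately.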