diff options
| author | Jin Qian <jinqian@google.com> | 2017-04-27 11:29:22 -0700 |
|---|---|---|
| committer | Jin Qian <jinqian@google.com> | 2017-05-08 14:08:49 -0700 |
| commit | 2c3f0a64f8feebc5292eaa98de73a8c30aebf686 (patch) | |
| tree | 28a1130e9c569c0b50e94eab50d7b81c6ff07dac /fsck | |
| parent | 1a59456653beccf08281281c32abfa4fff785f73 (diff) | |
| download | f2fs-tools-2c3f0a64f8feebc5292eaa98de73a8c30aebf686.tar.gz | |
fsck.f2fs: sanity check blk_off for summary block entries
crafted malicious f2fs partition can fill an out of bound blk_off,
which cause overflow when accessing summary block entries.
Bug: 36394556
Change-Id: Icf0dfa7803a377c140b7d30cd7037c6058a4f8ea
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Diffstat (limited to 'fsck')
| -rw-r--r-- | fsck/mount.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fsck/mount.c b/fsck/mount.c index 0111960..8d3f96e 100644 --- a/fsck/mount.c +++ b/fsck/mount.c @@ -892,6 +892,8 @@ static void read_compacted_summaries(struct f2fs_sb_info *sbi) else blk_off = curseg->next_blkoff; + ASSERT(blk_off <= ENTRIES_IN_SUM); + for (j = 0; j < blk_off; j++) { struct f2fs_summary *s; s = (struct f2fs_summary *)(kaddr + offset); |