From: Lukasz Majewski <l.majewski@samsung.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v3 10/13] ext4: Avoid out-of-bounds access of block bitmap
Date: Mon, 29 Aug 2016 16:08:41 +0200
Message-ID: <20160829160841.5eebee28@amdc2363>
In-Reply-To: <d469f2e4cebb44d6874e1db2bfd5007f@rwthex-w2-b.rwth-ad.de>
Hi Stefan,
> If the blocksize is 1024, count is initialized with 1. Incrementing
> count by 8 will never match (count == fs->blksz * 8), and ptr may be
> incremented beyond the buffer end if the bitmap is filled. Add the
> startblock offset after the loop.
>
> Remove the second loop, as only the first iteration will be done.
>
> Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
> ---
> fs/ext4/ext4_common.c | 34 ++++++++++++----------------------
> 1 file changed, 12 insertions(+), 22 deletions(-)
>
> v3: Patch added to series
>
> diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c
> index 362668b..11da6fa 100644
> --- a/fs/ext4/ext4_common.c
> +++ b/fs/ext4/ext4_common.c
> @@ -158,18 +158,12 @@ static int _get_new_inode_no(unsigned char
> *buffer)
> static int _get_new_blk_no(unsigned char *buffer)
> {
> - unsigned char input;
> - int operand, status;
> + int operand;
> int count = 0;
> - int j = 0;
> + int i;
> unsigned char *ptr = buffer;
> struct ext_filesystem *fs = get_fs();
>
> - if (fs->blksz != 1024)
> - count = 0;
> - else
> - count = 1;
> -
> while (*ptr == 255) {
> ptr++;
> count += 8;
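Review bot: in `_get_new_blk_no()`, with `count` now starting at 0 for every block size, the `while (*ptr == 255)` scan still depends on an exact-equality stop test (`count == fs->blksz * 8`, per the commit message) to stay inside the bitmap buffer. A `>=` comparison, or a bound on `ptr - buffer`, would keep the scan bounded even if the counter is ever seeded with a non-multiple of 8 again; a short comment above the loop stating that `count` must stay a multiple of 8 here would document the invariant.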
> @@ -177,21 +171,17 @@ static int _get_new_blk_no(unsigned char
> *buffer) return -1;
> }
>
> - for (j = 0; j < fs->blksz; j++) {
> - input = *ptr;
> - int i = 0;
> - while (i <= 7) {
> - operand = 1 << i;
> - status = input & operand;
> - if (status) {
> - i++;
> - count++;
> - } else {
> - *ptr |= operand;
> - return count;
> - }
> + if (fs->blksz == 1024)
> + count += 1;
> +
> + for (i = 0; i <= 7; i++) {
> + operand = 1 << i;
> + if (*ptr & operand) {
> + count++;
> + } else {
> + *ptr |= operand;
> + return count;
> }
> - ptr = ptr + 1;
> }
>
> return -1;
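Review bot: the `if (fs->blksz == 1024) count += 1;` adjustment placed after the `while` loop has no comment saying it is the startblock offset named in the commit message, so the 1024 special case reads as a magic number; add a one-line comment there. Separately, when the `while` loop exits without returning, `*ptr` is not 255, so the new `for (i = 0; i <= 7; i++)` loop always finds a clear bit and returns; the trailing `return -1;` is then unreachable and should either be dropped or marked as a defensive fallback.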
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
--
Best regards,
Lukasz Majewski
Samsung R&D Institute Poland (SRPOL) | Linux Platform Group
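The counter problem described in the commit message, as an added example that is not part of the original mail or of U-Boot's code: `bytes_until_stop()` models only the pre-patch stop test, and `alloc_first_zero_bit()` is a hypothetical scan bounded by byte index instead of by the counter. All names and sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the pre-patch stop test only (no buffer is read): count starts at
 * `start`, grows by 8 per full byte, and the loop stops when
 * count == nbytes * 8. Returns the number of bytes consumed before the test
 * fires, or -1 if it has not fired after `limit` bytes. */
static long bytes_until_stop(size_t nbytes, size_t start, size_t limit)
{
    size_t count = start;

    for (size_t consumed = 1; consumed <= limit; consumed++) {
        count += 8;
        if (count == nbytes * 8)
            return (long)consumed;
    }
    return -1;
}

/* Hypothetical bounded allocator: set the first clear bit and return its
 * index plus first_block, or -1 when all nbytes are 0xff. The bound is on
 * the byte index, so it does not depend on how the counter was seeded. */
static long alloc_first_zero_bit(uint8_t *bitmap, size_t nbytes, long first_block)
{
    for (size_t byte = 0; byte < nbytes; byte++) {
        if (bitmap[byte] == 0xff)
            continue;
        for (unsigned bit = 0; bit < 8; bit++) {
            if (!(bitmap[byte] & (1u << bit))) {
                bitmap[byte] |= (uint8_t)(1u << bit);
                return (long)(byte * 8 + bit) + first_block;
            }
        }
    }
    return -1;
}

int main(void)
{
    uint8_t full[4] = { 0xff, 0xff, 0xff, 0xff };   /* constructed sample */

    printf("seed 0: stops after %ld bytes\n", bytes_until_stop(1024, 0, 4096));
    printf("seed 1: stops after %ld bytes\n", bytes_until_stop(1024, 1, 4096));
    printf("full bitmap: %ld\n", alloc_first_zero_bit(full, sizeof(full), 1));
    return 0;
}
```

With the counter seeded at 1, the equality test is never satisfied, which is the case where a full bitmap lets the pointer walk past the buffer end.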