[PATCH 1/8] libext2fs: fix off-by-one bug in punch_extent_blocks

Linux EXT4 FS development
 help / color / mirror / Atom feed

From: "Darrick J. Wong" <djwong@kernel.org>
To: tytso@mit.edu
Cc: linux-ext4@vger.kernel.org, linux-ext4@vger.kernel.org
Subject: [PATCH 1/8] libext2fs: fix off-by-one bug in punch_extent_blocks
Date: Sun, 06 Jul 2025 11:31:00 -0700	[thread overview]
Message-ID: <175182662987.1984706.5292286424808159532.stgit@frogsfrogsfrogs> (raw)
In-Reply-To: <175182662934.1984706.3737778061161342509.stgit@frogsfrogsfrogs>

From: Darrick J. Wong <djwong@kernel.org>

punch_extent_blocks tries to validate its input parameters to make sure
that the physical range of blocks being punched do not go past the end
of the filesystem.  Unfortunately, there's an off-by-one bug in the
valiation, because start==0 count==10 is a perfectly valid range on a
10-block filesystem.

Cc: <linux-ext4@vger.kernel.org> # v1.46.6
Fixes: 6772d4969e9c90 ("libext2fs: check for invalid blocks in ext2fs_punch_blocks()")
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
---
 lib/ext2fs/punch.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ext2fs/punch.c b/lib/ext2fs/punch.c
index 80c699eb0c13f5..19b6a37824c589 100644
--- a/lib/ext2fs/punch.c
+++ b/lib/ext2fs/punch.c
@@ -201,7 +201,7 @@ static errcode_t punch_extent_blocks(ext2_filsys fs, ext2_ino_t ino,
 	errcode_t	retval = 0;

 	if (free_start < fs->super->s_first_data_block ||
-	    (free_start + free_count) >= ext2fs_blocks_count(fs->super))
+	    (free_start + free_count) > ext2fs_blocks_count(fs->super))
 		return EXT2_ET_BAD_BLOCK_NUM;

 	/* No bigalloc?  Just free each block. */

next prev parent reply	other threads:[~2025-07-06 18:31 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-07-06 18:30 [PATCHSET] fuse2fs: more bug fixes Darrick J. Wong
2025-07-06 18:31 ` Darrick J. Wong [this message]
2025-07-06 18:31 ` [PATCH 2/8] libext2fs: fix arguments passed to ->block_alloc_stats_range Darrick J. Wong
2025-07-06 18:31 ` [PATCH 3/8] fuse2fs: refactor uid/gid setting Darrick J. Wong
2025-07-06 18:31 ` [PATCH 4/8] fuse2fs: fix gid inheritance on sgid parent directories Darrick J. Wong
2025-07-06 18:32 ` [PATCH 5/8] fuse2fs: don't truncate when creating a new file Darrick J. Wong
2025-07-06 18:32 ` [PATCH 6/8] fuse2fs: fix incorrect EOFS input handling in FITRIM Darrick J. Wong
2025-07-06 18:32 ` [PATCH 7/8] fuse2fs: fix incorrect unit conversion at the end of FITRIM Darrick J. Wong
2025-07-06 18:32 ` [PATCH 8/8] fuse2fs: don't try to mount after option parsing errors Darrick J. Wong
2025-07-07 16:05 ` [PATCH 9/8] fuse2fs: fix relatime comparisons Darrick J. Wong
2025-07-08 17:33 ` [PATCH 10/8] fuse2fs: fix lockfile creation, again Darrick J. Wong
2025-07-09 16:51 ` [PATCH 11/8] fuse2fs: fix race condition in op_destroy Darrick J. Wong
2025-07-09 16:52 ` [PATCH 12/8] fuse2fs: fix races in statfs Darrick J. Wong
2025-07-17 14:59 ` [PATCH 13/8] fuse2fs: fix ST_RDONLY setting Darrick J. Wong
2025-07-17 14:59 ` [PATCH 14/8] libext2fs: fix data read corruption in ext2fs_file_read_inline_data Darrick J. Wong
2025-07-17 14:59 ` [PATCH 15/8] libext2fs: fix data corruption when writing to inline data files Darrick J. Wong
2025-07-17 22:01 ` [PATCH 16/8] fuse2fs: fix clean_block_middle when punching byte 0 of a block Darrick J. Wong
2025-07-17 22:01 ` [PATCH 17/8] fuse2fs: fix punch-out range calculation in fuse2fs_punch_range Darrick J. Wong
2025-07-22 19:40 ` [PATCH 18/8] fuse2fs: fix logging redirection Darrick J. Wong
2025-07-25 15:56 ` [PATCH 19/8] fuse2fs: don't record every errno in the superblock as an fs failure Darrick J. Wong
2025-07-26 16:28 ` [PATCH 20/8] fuse2fs: fix punching post-EOF blocks during truncate Darrick J. Wong
2025-07-30 17:23 ` [PATCH 21/8] fuse2fs: fix block parameter truncation on 32-bit Darrick J. Wong
2025-07-31 14:47 ` [PATCHSET] fuse2fs: more bug fixes Theodore Ts'o

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:80c699eb0c13f dfblob:19b6a37824c58 )
 OR (
bs:"[PATCH 1/8] libext2fs: fix off-by-one bug in punch_extent_blocks" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=175182662987.1984706.5292286424808159532.stgit@frogsfrogsfrogs \
    --to=djwong@kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox