linux-ext4.vger.kernel.org archive mirror
From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: tytso@mit.edu, darrick.wong@oracle.com
Cc: linux-ext4@vger.kernel.org
Subject: [PATCH 16/24] e2fsck: don't crash during rehash
Date: Fri, 18 Jul 2014 15:54:15 -0700
Message-ID: <20140718225415.31374.89196.stgit@birch.djwong.org>
In-Reply-To: <20140718225200.31374.85411.stgit@birch.djwong.org>

If a user crafts a carefully constructed filesystem containing a
single directory entry block with an invalid checksum and fewer than
two entries, and then runs e2fsck to fix the filesystem, fsck will
crash when it tries to "compress" the short dir and passes a negative
dirent array length to qsort.  Therefore, don't allow directory
"compression" in this situation.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
 e2fsck/rehash.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
index f75479a..5913ae7 100644
--- a/e2fsck/rehash.c
+++ b/e2fsck/rehash.c
@@ -848,7 +848,7 @@ retry_nohash:
 
 	/* Sort the list */
 resort:
-	if (fd.compress)
+	if (fd.compress && fd.num_array > 1)
 		qsort(fd.harray+2, fd.num_array-2, sizeof(struct hash_entry),
 		      hash_cmp);
 	else
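
Review bot: with `fd.num_array > 1` added to the `if (fd.compress ...)` test ahead of the `hash_cmp` sort, a compress directory holding fewer than two entries no longer just avoids the bad `qsort` call but falls into the `else` branch, which was previously reached only when `fd.compress` was clear. Please confirm that branch is correct for a compress directory with a 0- or 1-element array, or nest the length check inside `if (fd.compress)` so the short case does nothing. A one-line comment saying that `fd.num_array-2` goes negative and is converted to a huge `size_t` element count by `qsort` would also record why the guard exists.
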
@@ -867,7 +867,7 @@ resort:
 	}
 
 	/* Sort non-hashed directories by inode number */
-	if (fd.compress)
+	if (fd.compress && fd.num_array > 1)
 		qsort(fd.harray+2, fd.num_array-2,
 		      sizeof(struct hash_entry), ino_cmp);
 
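Review bot: the guard on `if (fd.compress && fd.num_array > 1)` before the `ino_cmp` sort repeats the condition from the `hash_cmp` sort verbatim, so the two sites can drift apart if one is edited later. Consider a small helper or a shared comment at both sites noting that the sort starts at `fd.harray+2` and therefore needs at least two entries (exactly two gives a count of zero, which is harmless). The diffstat shows only e2fsck/rehash.c changing; a regression test built from the crafted filesystem described in the commit message would keep this crash from coming back.
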

