From: Lukasz Majewski <l.majewski@samsung.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v3 10/13] ext4: Avoid out-of-bounds access of block bitmap
Date: Mon, 29 Aug 2016 16:08:41 +0200
Message-ID: <20160829160841.5eebee28@amdc2363>
In-Reply-To: <d469f2e4cebb44d6874e1db2bfd5007f@rwthex-w2-b.rwth-ad.de>
Hi Stefan,
> If the blocksize is 1024, count is initialized with 1. Incrementing
> count by 8 will never match (count == fs->blksz * 8), and ptr may be
> incremented beyond the buffer end if the bitmap is filled. Add the
> startblock offset after the loop.
>
> Remove the second loop, as only the first iteration will be done.
>
> Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
> ---
> fs/ext4/ext4_common.c | 34 ++++++++++++----------------------
> 1 file changed, 12 insertions(+), 22 deletions(-)
>
> v3: Patch added to series
>
> diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c
> index 362668b..11da6fa 100644
> --- a/fs/ext4/ext4_common.c
> +++ b/fs/ext4/ext4_common.c
> @@ -158,18 +158,12 @@ static int _get_new_inode_no(unsigned char
> *buffer)
> static int _get_new_blk_no(unsigned char *buffer)
> {
> - unsigned char input;
> - int operand, status;
> + int operand;
> int count = 0;
> - int j = 0;
> + int i;
> unsigned char *ptr = buffer;
> struct ext_filesystem *fs = get_fs();
>
> - if (fs->blksz != 1024)
> - count = 0;
> - else
> - count = 1;
> -
> while (*ptr == 255) {
> ptr++;
> count += 8;
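Review bot: the `while (*ptr == 255)` loop still depends on the exact-equality test the commit message quotes, (count == fs->blksz * 8), to stop at the end of the bitmap. This hunk makes that test reachable only because count now starts at 0 and advances in steps of 8; the removed `count = 1` initialisation is the case where equality silently never matched. Consider changing the comparison to `>=` so the scan stays bounded if the initial value or the step is ever changed again.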
> @@ -177,21 +171,17 @@ static int _get_new_blk_no(unsigned char
> *buffer) return -1;
> }
>
> - for (j = 0; j < fs->blksz; j++) {
> - input = *ptr;
> - int i = 0;
> - while (i <= 7) {
> - operand = 1 << i;
> - status = input & operand;
> - if (status) {
> - i++;
> - count++;
> - } else {
> - *ptr |= operand;
> - return count;
> - }
> + if (fs->blksz == 1024)
> + count += 1;
> +
> + for (i = 0; i <= 7; i++) {
> + operand = 1 << i;
> + if (*ptr & operand) {
> + count++;
> + } else {
> + *ptr |= operand;
> + return count;
> }
> - ptr = ptr + 1;
> }
>
> return -1;
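Review bot: the added `if (fs->blksz == 1024)` / `count += 1;` lines carry the start block offset that the commit message mentions, but nothing in the code says so. A one-line comment explaining why a 1024-byte block size shifts the result by one would help, and if the filesystem's first data block value is available at this point, using it would be more direct than inferring the offset from the block size. Separately, the preceding loop only exits when *ptr != 255, so the `for (i = 0; i <= 7; i++)` loop always finds a clear bit and returns; the trailing `return -1` is therefore unreachable and could be dropped or marked as such.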
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
--
Best regards,
Lukasz Majewski
Samsung R&D Institute Poland (SRPOL) | Linux Platform Group