* [U-Boot] [PATCH] fs: ext4: Fix journal overrun issue reported by Coverity
@ 2017-08-21 2:30 Tom Rini
2017-08-22 15:14 ` Brüns, Stefan
2017-08-26 20:46 ` [U-Boot] " Tom Rini
0 siblings, 2 replies; 3+ messages in thread
From: Tom Rini @ 2017-08-21 2:30 UTC (permalink / raw)
To: u-boot
While &p_jdb[fs->blksz] is a valid expression (it points *one* char
sized element past the end of the array), e.g. &p_jdb[fs->blksz + 1] is
invalid (according to the C standard (C99/C11)).
Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs);
Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Suggested-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Reported-by: Coverity (CID: 165117, 165110)
Signed-off-by: Tom Rini <trini@konsulko.com>
---
Stefan, since this is your suggestion and message, if you want me to v2
with you as Author, I'd be quite happy to, thanks again!
---
fs/ext4/ext4_journal.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/ext4_journal.c b/fs/ext4/ext4_journal.c
index 5a25be4c8ac2..fed6287eac45 100644
--- a/fs/ext4/ext4_journal.c
+++ b/fs/ext4/ext4_journal.c
@@ -355,7 +355,7 @@ void recover_transaction(int prev_desc_logical_no)
ofs = sizeof(struct journal_header_t);
do {
- tag = (struct ext3_journal_block_tag *)&p_jdb[ofs];
+ tag = (struct ext3_journal_block_tag *)(p_jdb + ofs);
ofs += sizeof(struct ext3_journal_block_tag);
if (ofs > fs->blksz)
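Review bot: In recover_transaction() the tag pointer is still formed before the bounds test: the cast of `(p_jdb + ofs)` runs first, and `if (ofs > fs->blksz)` is only evaluated after `ofs` has been advanced. `&p_jdb[ofs]` and `p_jdb + ofs` denote the same address in C, so the rewrite does not change which offsets the loop reaches. Consider checking that `ofs + sizeof(struct ext3_journal_block_tag)` does not exceed `fs->blksz` before the assignment, so the loop never holds a tag pointer with less than a full tag of buffer behind it. Whether `tag` is read before the `break` is not visible in this hunk and should be confirmed.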
@@ -466,7 +466,7 @@ int ext4fs_check_journal_state(int recovery_flag)
ofs = sizeof(struct journal_header_t);
do {
tag = (struct ext3_journal_block_tag *)
- &p_jdb[ofs];
+ (p_jdb + ofs);
ofs += sizeof(struct ext3_journal_block_tag);
if (ofs > fs->blksz)
break;
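Review bot: The offset walk in ext4fs_check_journal_state() repeats the one in recover_transaction() line for line (`ofs = sizeof(struct journal_header_t)`, the cast, `ofs += sizeof(struct ext3_journal_block_tag)`, `if (ofs > fs->blksz)`), which is why the same fix had to be applied twice. A small shared helper that takes p_jdb, ofs and fs->blksz and returns the next tag or NULL would keep the bounds logic in one place. A short comment on why the `>` test deliberately accepts `ofs == fs->blksz` (a tag ending exactly at the end of the block) would also help the next reader.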
--
1.9.1
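Added example, not part of the original patch and not U-Boot's code: a tag walk over a journal descriptor block that checks a whole tag fits before forming p_jdb + ofs, and reads fields byte by byte instead of through a struct cast. The names demo_tag, DEMO_HDR_SIZE, DEMO_FLAG_LAST_TAG and demo_count_tags, and the sizes and flag value used, are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins, not U-Boot's definitions. */
#define DEMO_HDR_SIZE      12u  /* assumed journal header size */
#define DEMO_FLAG_LAST_TAG 0x8u /* assumed "last tag" flag bit */
struct demo_tag { uint32_t block, flags; }; /* big-endian on disk */

/* Read a big-endian u32 byte by byte: no cast, no alignment assumption. */
static uint32_t be32_load(const unsigned char *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Count tags in a blksz-byte block; -1 if it ends before a last-tag flag. */
int demo_count_tags(const unsigned char *p_jdb, size_t blksz)
{
	size_t ofs = DEMO_HDR_SIZE;
	int count = 0;

	/* A whole tag must fit before p_jdb + ofs is used at all. */
	while (ofs <= blksz && blksz - ofs >= sizeof(struct demo_tag)) {
		const unsigned char *tag = p_jdb + ofs;
		uint32_t flags = be32_load(tag + offsetof(struct demo_tag, flags));

		count++;
		ofs += sizeof(struct demo_tag);
		if (flags & DEMO_FLAG_LAST_TAG)
			return count;
	}
	return -1;
}

int main(void)
{
	/* Constructed 32-byte block: 12-byte header, then two 8-byte tags. */
	unsigned char blk[32] = {0};

	blk[12 + 3] = 5;                  /* tag 0: block 5, flags 0 */
	blk[20 + 3] = 6;                  /* tag 1: block 6 */
	blk[24 + 3] = DEMO_FLAG_LAST_TAG; /* tag 1: last-tag flag */
	printf("tags: %d\n", demo_count_tags(blk, sizeof(blk)));
	printf("truncated: %d\n", demo_count_tags(blk, 24));
	return 0;
}
```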
* [U-Boot] [PATCH] fs: ext4: Fix journal overrun issue reported by Coverity
From: Brüns, Stefan @ 2017-08-22 15:14 UTC (permalink / raw)
To: u-boot
On Montag, 21. August 2017 04:30:15 CEST Tom Rini wrote:
> While &p_jdb[fs->blksz] is a valid expression (it points *one* char
> sized element past the end of the array), e.g. &p_jdb[fs->blksz + 1] is
> invalid (according to the C standard (C99/C11)).
>
> Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs);
>
> Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
> Suggested-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
> Reported-by: Coverity (CID: 165117, 165110)
> Signed-off-by: Tom Rini <trini@konsulko.com>
> ---
> Stefan, since this is your suggestion and message, if you want me to v2
> with you as Author, I'd be quite happy to, thanks again!
Hi Tom,
whatever you like, both are fine with me.
Kind regards,
Stefan
PS:
Reviewed-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
> ---
> fs/ext4/ext4_journal.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ext4/ext4_journal.c b/fs/ext4/ext4_journal.c
> index 5a25be4c8ac2..fed6287eac45 100644
> --- a/fs/ext4/ext4_journal.c
> +++ b/fs/ext4/ext4_journal.c
> @@ -355,7 +355,7 @@ void recover_transaction(int prev_desc_logical_no)
> ofs = sizeof(struct journal_header_t);
>
> do {
> - tag = (struct ext3_journal_block_tag *)&p_jdb[ofs];
> + tag = (struct ext3_journal_block_tag *)(p_jdb + ofs);
> ofs += sizeof(struct ext3_journal_block_tag);
>
> if (ofs > fs->blksz)
> @@ -466,7 +466,7 @@ int ext4fs_check_journal_state(int recovery_flag)
> ofs = sizeof(struct journal_header_t);
> do {
> tag = (struct ext3_journal_block_tag *)
> - &p_jdb[ofs];
> + (p_jdb + ofs);
> ofs += sizeof(struct ext3_journal_block_tag);
> if (ofs > fs->blksz)
> break;
* [U-Boot] fs: ext4: Fix journal overrun issue reported by Coverity
From: Tom Rini @ 2017-08-26 20:46 UTC (permalink / raw)
To: u-boot
On Sun, Aug 20, 2017 at 10:30:15PM -0400, Tom Rini wrote:
> While &p_jdb[fs->blksz] is a valid expression (it points *one* char
> sized element past the end of the array), e.g. &p_jdb[fs->blksz + 1] is
> invalid (according to the C standard (C99/C11)).
>
> Changing this to tag = (struct ext3_journal_block_tag *)(p_jdb + ofs);
>
> Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
> Suggested-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
> Reported-by: Coverity (CID: 165117, 165110)
> Signed-off-by: Tom Rini <trini@konsulko.com>
> Reviewed-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Applied to u-boot/master, thanks!
--
Tom