diff options
author | Arpad Müller <arpad.mueller@uni-bonn.de> | 2021-09-01 06:55:54 +0200 |
---|---|---|
committer | Jaegeuk Kim <jaegeuk@kernel.org> | 2021-09-03 17:13:25 -0700 |
commit | 63d50045739e45df19424c86ccbc80afa2bc0234 (patch) | |
tree | d949a22e10c6d7ba625177afd6ee686c3d41a0da | |
parent | 3fd996cc162bc8d7383fb556ca6356a3eb71609d (diff) | |
download | f2fs-tools-63d50045739e45df19424c86ccbc80afa2bc0234.tar.gz |
fsck.f2fS: is_valid_summary(): check whether offset is out of bounds
This adds a check to the is_valid_summary function to prevent a segfault
if the calculated offset is out of bounds. Such an offset can for example
occur as the result of corruption of the underlying hardware.
I encountered this segfault on my own phone's sd card, so this is not
just a theoretical concern.
Signed-off-by: Arpad Müller <arpad.mueller@uni-bonn.de>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
-rw-r--r-- | fsck/fsck.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fsck/fsck.c b/fsck/fsck.c index 7c8437b..110c1ec 100644 --- a/fsck/fsck.c +++ b/fsck/fsck.c @@ -250,8 +250,12 @@ static int is_valid_summary(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, if (node_blk->footer.nid == node_blk->footer.ino) { int ofs = get_extra_isize(node_blk); + if (ofs + ofs_in_node >= DEF_ADDRS_PER_INODE) + goto out; target_blk_addr = node_blk->i.i_addr[ofs + ofs_in_node]; } else { + if (ofs_in_node >= DEF_ADDRS_PER_BLOCK) + goto out; target_blk_addr = node_blk->dn.addr[ofs_in_node]; } |