authorArpad Müller <arpad.mueller@uni-bonn.de>2021-09-01 06:55:54 +0200
committerJaegeuk Kim <jaegeuk@kernel.org>2021-09-03 17:13:25 -0700
commit63d50045739e45df19424c86ccbc80afa2bc0234 (patch)
treed949a22e10c6d7ba625177afd6ee686c3d41a0da
parent3fd996cc162bc8d7383fb556ca6356a3eb71609d (diff)
downloadf2fs-tools-63d50045739e45df19424c86ccbc80afa2bc0234.tar.gz
fsck.f2fS: is_valid_summary(): check whether offset is out of bounds
This adds a check to the is_valid_summary function to prevent a segfault if the calculated offset is out of bounds. Such an offset can for example occur as the result of corruption of the underlying hardware. I encountered this segfault on my own phone's sd card, so this is not just a theoretical concern. Signed-off-by: Arpad Müller <arpad.mueller@uni-bonn.de> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
-rw-r--r--fsck/fsck.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/fsck/fsck.c b/fsck/fsck.c
index 7c8437b..110c1ec 100644
--- a/fsck/fsck.c
+++ b/fsck/fsck.c
@@ -250,8 +250,12 @@ static int is_valid_summary(struct f2fs_sb_info *sbi, struct f2fs_summary *sum,
if (node_blk->footer.nid == node_blk->footer.ino) {
int ofs = get_extra_isize(node_blk);
+ if (ofs + ofs_in_node >= DEF_ADDRS_PER_INODE)
+ goto out;
target_blk_addr = node_blk->i.i_addr[ofs + ofs_in_node];
} else {
+ if (ofs_in_node >= DEF_ADDRS_PER_BLOCK)
+ goto out;
target_blk_addr = node_blk->dn.addr[ofs_in_node];
}
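Review bot: Both new guards in is_valid_summary() compare against the full array capacity (`DEF_ADDRS_PER_INODE`, `DEF_ADDRS_PER_BLOCK`), which stops the read past the end of `i_addr[]` / `dn.addr[]` but is probably looser than the number of slots that actually hold block addresses. In the inode branch both `ofs` (from `get_extra_isize()`) and `ofs_in_node` appear to come from on-disk data, and if the tail of `i_addr[]` is shared with inline xattr space, as I understand the f2fs layout, an index that passes this check can still read non-address bytes as `target_blk_addr`. Consider bounding the inode case with the per-inode address count (f2fs-tools has `ADDRS_PER_INODE()` for this, if it is usable here). At minimum, record the trust boundary above the first check with `/* ofs and ofs_in_node are read from disk; never index i_addr[] without a bound */`. The `out` label lies outside the hunk, so it is worth confirming that the early exit reports the summary as invalid, and it would help triage if it logged that the offset was rejected rather than failing silently.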