author | Sheng Yong <shengyong@oppo.com> | 2022-11-10 22:07:22 +0800 |
---|---|---|
committer | Jaegeuk Kim <jaegeuk@kernel.org> | 2022-11-21 12:35:02 -0800 |
commit | ccd2361c296315945c71bcbdd07c8521ac101c9f (patch) | |
tree | 2b58649f16c27425e9655011b124e1b7663751c9 | |
parent | cd6b1337b14aa325a02f3561455b9d629cc9a069 (diff) | |
download | f2fs-tools-ccd2361c296315945c71bcbdd07c8521ac101c9f.tar.gz |
fsck.f2fs: fix potential overflow of copying i_name
If i_namelen is corrupted, there may be an overflow when doing memcpy.
Signed-off-by: Sheng Yong <shengyong@oppo.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
-rw-r--r-- | fsck/fsck.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/fsck/fsck.c b/fsck/fsck.c
index 036a834..ebc60ad 100644
--- a/fsck/fsck.c
+++ b/fsck/fsck.c
@@ -742,8 +742,10 @@ check_next:
 if (ftype == F2FS_FT_DIR) {
 f2fs_set_main_bitmap(sbi, ni->blk_addr, CURSEG_HOT_NODE);
- memcpy(child.p_name, node_blk->i.i_name,
- node_blk->i.i_namelen);
+ namelen = le32_to_cpu(node_blk->i.i_namelen);
+ if (namelen > F2FS_NAME_LEN)
+ namelen = F2FS_NAME_LEN;
+ memcpy(child.p_name, node_blk->i.i_name, namelen);
 } else {
 if (f2fs_test_main_bitmap(sbi, ni->blk_addr) == 0) {
 f2fs_set_main_bitmap(sbi, ni->blk_addr, |
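Review bot: The clamp added before the `memcpy` in the `F2FS_FT_DIR` branch only bounds the copy if `namelen` is an unsigned type. Its declaration is outside the hunk, and if it were signed, an on-disk `i_namelen` with the top bit set would pass `if (namelen > F2FS_NAME_LEN)` and still reach `memcpy` as a very large length. It is also worth confirming that `child.p_name` holds at least `F2FS_NAME_LEN` bytes (plus a terminator if later code reads it as a string), since that declaration is not visible here either. The truncation is silent, so a comment such as `/* i_namelen is read from disk and may be corrupted; clamp before copying */` would record why the bound exists. Whether the bad length is reported or repaired elsewhere in the function cannot be seen from this hunk.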