crafted malicious f2fs partition can fill an out-of-bounds blk_off,
which causes an overflow when accessing summary block entries.

Signed-off-by: Jin Qian <jinq...@google.com>
---
 fsck/mount.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fsck/mount.c b/fsck/mount.c
index 761baa0..0a63b71 100644
--- a/fsck/mount.c
+++ b/fsck/mount.c
@@ -889,6 +889,8 @@ static void read_compacted_summaries(struct f2fs_sb_info 
*sbi)
                else
                        blk_off = curseg->next_blkoff;
 
+               ASSERT(blk_off <= ENTRIES_IN_SUM);
+
                for (j = 0; j < blk_off; j++) {
                        struct f2fs_summary *s;
                        s = (struct f2fs_summary *)(kaddr + offset);
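Review bot: ASSERT() here aborts fsck outright on a corrupted image; since blk_off comes from on-disk checkpoint data that a crafted partition controls, a diagnostic message followed by an error return (treating the compacted summary as invalid) would let the tool report the corruption instead of crashing on it. The bound itself is right for the loop that follows: `for (j = 0; j < blk_off; j++)` never indexes entry blk_off, so blk_off == ENTRIES_IN_SUM is the largest legal value and `<=` is the correct comparison. A one-line comment above the check stating that blk_off is read from the checkpoint and must not exceed the number of entries in a summary block would make the intent clear to the next reader.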
-- 
2.13.0.rc0.306.g87b477812d-goog


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
