On 06/15, Chao Yu wrote: > On 6/3/26 23:49, Samuel Moelius wrote: > > Inline dentry conversion copies names out of the inline dentry area > > before checking that each recorded name length fits in the available > > filename slots. > > > > A corrupted image can therefore make the conversion path read past > > the inline filename storage while building the regular dentry block. > > > > Validate each inline dentry name length against the inline filename > > area before copying it. > > > > Assisted-by: Codex:gpt-5.5-cyber-preview > > Signed-off-by: Samuel Moelius <[email protected]> > > --- > > fs/f2fs/inline.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c > > index 7aabfc9b43cb..4584dfbe3fb8 100644 > > --- a/fs/f2fs/inline.c > > +++ b/fs/f2fs/inline.c > > @@ -507,6 +507,10 @@ static int f2fs_add_inline_entries(struct inode *dir, > > void *inline_dentry) > > bit_pos++; > > continue; > > } > > + if (unlikely(le16_to_cpu(de->name_len) > F2FS_NAME_LEN || > > + bit_pos + > > GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)) > > > + d.max)) > > + return -EFSCORRUPTED; > > err = -EFSCORRUPTED; > goto punch_dentry_pages;
Applied with it. > > Thanks, > > > > > /* > > * We only need the disk_name and hash to move the dentry. > _______________________________________________ Linux-f2fs-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
