Eric Lee / smarc-ti-linux-kernel

Download as
Browse Code ยป

Commit e159332b9af4b04d882dbcfe1bb0117f0a6d4b58

Authored by Jan Kara
1 parent 4e2024624e
Exists in ti-lsk-linux-4.1.y and in 10 other branches dlt-processor-sdk-linux-03.00.00.04, processor-sdk-linux-02.00.01, smarc-ti-lsk-linux-4.1.y, smarct3x-processor-sdk-04.01.00.06, smarct3x-processor-sdk-linux-02.00.01, smarct3x-processor-sdk-linux-03.00.00.04, smarct4x-800-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-04.01.00.06, smarct4x-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-linux-03.00.00.04

udf: Verify i_size when loading inode 

Verify that inode size is sane when loading inode with data stored in
ICB. Otherwise we may get confused later when working with the inode and
inode size is too big.

CC: stable@vger.kernel.org
Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no>
Signed-off-by: Jan Kara <jack@suse.cz>

Showing 1 changed file with 14 additions and 0 deletions Side-by-side Diff

... ... @@ -1489,6 +1489,20 @@
1489 1489 }
1490 1490 inode->i_generation = iinfo->i_unique;
1491 1491  
  1492 + /* Sanity checks for files in ICB so that we don't get confused later */
  1493 + if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) {
  1494 + /*
  1495 + * For file in ICB data is stored in allocation descriptor
  1496 + * so sizes should match
  1497 + */
  1498 + if (iinfo->i_lenAlloc != inode->i_size)
  1499 + goto out;
  1500 + /* File in ICB has to fit in there... */
  1501 + if (inode->i_size > inode->i_sb->s_blocksize -
  1502 + udf_file_entry_alloc_offset(inode))
  1503 + goto out;
  1504 + }
  1505 +
1492 1506 switch (fe->icbTag.fileType) {
1493 1507 case ICBTAG_FILE_TYPE_DIRECTORY:
1494 1508 inode->i_op = &udf_dir_inode_operations;