diff options
author | Fabian Frederick <fabf@skynet.be> | 2014-10-14 00:54:01 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-10-14 02:18:22 +0200 |
commit | 76e512108935ecdb46792208dae5f59c7ea78e25 (patch) | |
tree | 96ea1468ce3e23c2add86f986948a17d0eaad4ee | |
parent | memstick: r592: fix build warnings for !PM_SLEEP (diff) | |
download | linux-76e512108935ecdb46792208dae5f59c7ea78e25.tar.xz linux-76e512108935ecdb46792208dae5f59c7ea78e25.zip |
FS/OMFS: block number sanity check during fill_super operation
This patch defines maximum block number to 2^31. It also converts
bitmap_size and array_size to unsigned int in omfs_get_imap
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Suggested-by: Bob Copeland <me@bobcopeland.com>
Acked-by: Bob Copeland <me@bobcopeland.com>
Tested-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/omfs/inode.c | 10 | ||||
-rw-r--r-- | fs/omfs/omfs_fs.h | 1 |
2 files changed, 8 insertions, 3 deletions
diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c index ba8819702c56..138321b0c6c2 100644 --- a/fs/omfs/inode.c +++ b/fs/omfs/inode.c @@ -306,9 +306,7 @@ static const struct super_operations omfs_sops = { */ static int omfs_get_imap(struct super_block *sb) { - int bitmap_size; - int array_size; - int count; + unsigned int bitmap_size, count, array_size; struct omfs_sb_info *sbi = OMFS_SB(sb); struct buffer_head *bh; unsigned long **ptr; @@ -473,6 +471,12 @@ static int omfs_fill_super(struct super_block *sb, void *data, int silent) sbi->s_sys_blocksize = be32_to_cpu(omfs_sb->s_sys_blocksize); mutex_init(&sbi->s_bitmap_lock); + if (sbi->s_num_blocks > OMFS_MAX_BLOCKS) { + printk(KERN_ERR "omfs: sysblock number (%llx) is out of range\n", + (unsigned long long)sbi->s_num_blocks); + goto out_brelse_bh; + } + if (sbi->s_sys_blocksize > PAGE_SIZE) { printk(KERN_ERR "omfs: sysblock size (%d) is out of range\n", sbi->s_sys_blocksize); diff --git a/fs/omfs/omfs_fs.h b/fs/omfs/omfs_fs.h index ee5e4327de92..83a98330ed66 100644 --- a/fs/omfs/omfs_fs.h +++ b/fs/omfs/omfs_fs.h @@ -18,6 +18,7 @@ #define OMFS_XOR_COUNT 19 #define OMFS_MAX_BLOCK_SIZE 8192 #define OMFS_MAX_CLUSTER_SIZE 8 +#define OMFS_MAX_BLOCKS (1ul << 31) struct omfs_super_block { char s_fill1[256]; |