diff options
author | Shigeru Yoshida <syoshida@redhat.com> | 2023-08-21 06:33:12 +0200 |
---|---|---|
committer | Christian Brauner <brauner@kernel.org> | 2023-09-11 14:07:46 +0200 |
commit | 2251588143f65636cf3f3f12beb009084fa2d5d7 (patch) | |
tree | 249a96e65c91f23628871bfeaab5c3a1e13d310f /fs/reiserfs/reiserfs.h | |
parent | Linux 6.6-rc1 (diff) | |
download | linux-2251588143f65636cf3f3f12beb009084fa2d5d7.tar.xz linux-2251588143f65636cf3f3f12beb009084fa2d5d7.zip |
reiserfs: Replace 1-element array with C99 style flex-array
UBSAN found the following issue:
================================================================================
UBSAN: array-index-out-of-bounds in fs/reiserfs/journal.c:4166:22
index 1 is out of range for type '__le32 [1]'
This is because struct reiserfs_journal_desc uses 1-element array for
dynamically sized array member, j_realblock.
This patch fixes this issue by replacing the 1-element array member with C99
style flex-array. This patch also fixes the same issue in struct
reiserfs_journal_commit as the same manner.
Fixes: f466c6fdb3b1 ("move private bits of reiserfs_fs.h to fs/reiserfs/reiserfs.h")
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Message-Id: <20230821043312.1444068-1-syoshida@redhat.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Diffstat (limited to 'fs/reiserfs/reiserfs.h')
-rw-r--r-- | fs/reiserfs/reiserfs.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/reiserfs/reiserfs.h b/fs/reiserfs/reiserfs.h index b81749492ef9..7d12b8c5b2fa 100644 --- a/fs/reiserfs/reiserfs.h +++ b/fs/reiserfs/reiserfs.h @@ -2699,7 +2699,7 @@ struct reiserfs_iget_args { #define get_journal_desc_magic(bh) (bh->b_data + bh->b_size - 12) #define journal_trans_half(blocksize) \ - ((blocksize - sizeof (struct reiserfs_journal_desc) + sizeof (__u32) - 12) / sizeof (__u32)) + ((blocksize - sizeof(struct reiserfs_journal_desc) - 12) / sizeof(__u32)) /* journal.c see journal.c for all the comments here */ @@ -2711,7 +2711,7 @@ struct reiserfs_journal_desc { __le32 j_len; __le32 j_mount_id; /* mount id of this trans */ - __le32 j_realblock[1]; /* real locations for each block */ + __le32 j_realblock[]; /* real locations for each block */ }; #define get_desc_trans_id(d) le32_to_cpu((d)->j_trans_id) @@ -2726,7 +2726,7 @@ struct reiserfs_journal_desc { struct reiserfs_journal_commit { __le32 j_trans_id; /* must match j_trans_id from the desc block */ __le32 j_len; /* ditto */ - __le32 j_realblock[1]; /* real locations for each block */ + __le32 j_realblock[]; /* real locations for each block */ }; #define get_commit_trans_id(c) le32_to_cpu((c)->j_trans_id) |