summaryrefslogtreecommitdiffstats
path: root/fs/ubifs/orphan.c
diff options
context:
space:
mode:
authorZhihao Cheng <chengzhihao1@huawei.com>2020-06-16 09:11:44 +0200
committerRichard Weinberger <richard@nod.at>2020-12-13 22:12:32 +0100
commita33e30a0e023e9d1866866ca895c7789f48445e7 (patch)
tree383b2fd9b04365a17ed31c4b624d278cf8e23607 /fs/ubifs/orphan.c
parentRevert "ubifs: Fix out-of-bounds memory access caused by abnormal value of no... (diff)
downloadlinux-a33e30a0e023e9d1866866ca895c7789f48445e7.tar.xz
linux-a33e30a0e023e9d1866866ca895c7789f48445e7.zip
ubifs: Pass node length in all node dumping callers
Function ubifs_dump_node() has been modified to avoid memory oob accessing while dumping node, node length (corresponding to the size of allocated memory for node) should be passed into all node dumping callers. Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'fs/ubifs/orphan.c')
-rw-r--r--fs/ubifs/orphan.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/ubifs/orphan.c b/fs/ubifs/orphan.c
index 0fb61956146d..4909321d84cf 100644
--- a/fs/ubifs/orphan.c
+++ b/fs/ubifs/orphan.c
@@ -646,7 +646,8 @@ static int do_kill_orphans(struct ubifs_info *c, struct ubifs_scan_leb *sleb,
if (snod->type != UBIFS_ORPH_NODE) {
ubifs_err(c, "invalid node type %d in orphan area at %d:%d",
snod->type, sleb->lnum, snod->offs);
- ubifs_dump_node(c, snod->node);
+ ubifs_dump_node(c, snod->node,
+ c->leb_size - snod->offs);
err = -EINVAL;
goto out_free;
}
@@ -674,7 +675,8 @@ static int do_kill_orphans(struct ubifs_info *c, struct ubifs_scan_leb *sleb,
if (!first) {
ubifs_err(c, "out of order commit number %llu in orphan node at %d:%d",
cmt_no, sleb->lnum, snod->offs);
- ubifs_dump_node(c, snod->node);
+ ubifs_dump_node(c, snod->node,
+ c->leb_size - snod->offs);
err = -EINVAL;
goto out_free;
}