Whamcloud - gitweb
e2fsck: fix buffer overrun in revoke block scanning
authorDarrick J. Wong <darrick.wong@oracle.com>
Sun, 17 May 2015 00:50:21 +0000 (20:50 -0400)
committerTheodore Ts'o <tytso@mit.edu>
Sun, 17 May 2015 00:50:21 +0000 (20:50 -0400)
commit04c66cb25f36d31c6f33196c9a7a8d206012cbba
treecc8001ff634a5102a9df0dfacaa7719d618d91ae
parentf008143cf5bfb93b5f5a0cb7018091b6f38301f8
e2fsck: fix buffer overrun in revoke block scanning

Check the value of r_count to ensure that we never try to read revoke
records past the end of the revoke block.  It turns out that the
journal writing code in debugfs was also playing fast and loose with
the r_count, so fix that as well.

The Coverity bug was 1297508.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
debugfs/do_journal.c
e2fsck/recovery.c
e2fsck/revoke.c
tests/j_corrupt_revoke_rcount/expect.1 [new file with mode: 0644]
tests/j_corrupt_revoke_rcount/expect.2 [new file with mode: 0644]
tests/j_corrupt_revoke_rcount/image.gz [new file with mode: 0644]
tests/j_corrupt_revoke_rcount/name [new file with mode: 0644]