Whamcloud - gitweb
git://git.whamcloud.com / tools / e2fsprogs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f008143) | patch
e2fsck: fix buffer overrun in revoke block scanning
authorDarrick J. Wong <darrick.wong@oracle.com>
Sun, 17 May 2015 00:50:21 +0000 (20:50 -0400)
committerTheodore Ts'o <tytso@mit.edu>
Sun, 17 May 2015 00:50:21 +0000 (20:50 -0400)
commit04c66cb25f36d31c6f33196c9a7a8d206012cbba
treecc8001ff634a5102a9df0dfacaa7719d618d91aetree | snapshot
parentf008143cf5bfb93b5f5a0cb7018091b6f38301f8commit | diff
e2fsck: fix buffer overrun in revoke block scanning

Check the value of r_count to ensure that we never try to read revoke
records past the end of the revoke block.  It turns out that the
journal writing code in debugfs was also playing fast and loose with
the r_count, so fix that as well.

The Coverity bug was 1297508.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
debugfs/do_journal.c diff | blob | history
e2fsck/recovery.c diff | blob | history
e2fsck/revoke.c diff | blob | history
tests/j_corrupt_revoke_rcount/expect.1 [new file with mode: 0644] blob
tests/j_corrupt_revoke_rcount/expect.2 [new file with mode: 0644] blob
tests/j_corrupt_revoke_rcount/image.gz [new file with mode: 0644] blob
tests/j_corrupt_revoke_rcount/name [new file with mode: 0644] blob
Mirror of git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git