From 750000cf55bc372cd102e4a8d24f90294c38e676 Mon Sep 17 00:00:00 2001
From: Theodore Ts'o
Date: Fri, 11 Nov 2016 18:34:35 -0500
Subject: [PATCH] e2fsck: avoid dereferencing beyond allocated memory with 128 byte inodes
Detected by ASAN when the inode size is 128 bytes.
Signed-off-by: Theodore Ts'o
---
 e2fsck/pass1.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/e2fsck/pass1.c b/e2fsck/pass1.c
index ac4d554..8ef40f6 100644
--- a/e2fsck/pass1.c
+++ b/e2fsck/pass1.c
@@ -1063,6 +1063,7 @@ void e2fsck_pass1(e2fsck_t ctx)
 int imagic_fs, extent_fs, inlinedata_fs;
 int low_dtime_check = 1;
 int inode_size = EXT2_INODE_SIZE(fs->super);
+ int bufsize;
 int failed_csum = 0;
 ext2_ino_t ino_threshold = 0;
 dgrp_t ra_group = 0;
@@ -1162,8 +1163,11 @@ void e2fsck_pass1(e2fsck_t ctx)
 ctx->flags |= E2F_FLAG_ABORT;
 return;
 }
+ bufsize = inode_size;
+ if (bufsize < sizeof(struct ext2_inode_large))
+ bufsize = sizeof(struct ext2_inode_large);
 inode = (struct ext2_inode *)
- e2fsck_allocate_memory(ctx, inode_size, "scratch inode");
+ e2fsck_allocate_memory(ctx, bufsize, "scratch inode");
 inodes_to_process = (struct process_inode_block *)
 e2fsck_allocate_memory(ctx,
--
1.8.3.1
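Review bot: The allocation in the second hunk is padded to `sizeof(struct ext2_inode_large)` with no comment saying why, and nothing states what the bytes past `inode_size` contain: presumably later code in e2fsck_pass1 (outside this hunk) reads the scratch inode through the large-inode layout, while the inode scan fills only `inode_size` bytes. I would add `/* scratch inode is read as struct ext2_inode_large; pad so 128-byte inodes stay in bounds */` above `bufsize = inode_size;` and confirm that `e2fsck_allocate_memory` zero-fills, so fields past 128 bytes read as zero rather than stale heap data. Separately, `bufsize` is declared `int` in the first hunk but compared with a `size_t` here, which is an unsigned comparison and draws a sign-compare warning; `size_t bufsize;` (or an explicit cast) states the intent. e2fsck_pass1 starts and ends outside both hunks.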