From bd9ac48c9200bbfb9964d31e33c6aacb26ce49ff Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@mit.edu>
Date: Fri, 12 Feb 2021 12:04:21 -0500
Subject: [PATCH] debugfs: add journal header checks in logdump

Addresses-Coverity-Bug: 1431466
Addresses-Coverity-Bug: 1432478
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 debugfs/logdump.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/debugfs/logdump.c b/debugfs/logdump.c
index 56d6210..32757f3 100644
--- a/debugfs/logdump.c
+++ b/debugfs/logdump.c
@@ -406,7 +406,12 @@ static void dump_journal(char *cmdname, FILE *out_file,
 			"Journal superblock magic number invalid!\n");
 		return;
 	}
-	blocksize = be32_to_cpu(jsb->s_blocksize);
+	if (be32_to_cpu(jsb->s_blocksize) != blocksize) {
+		fprintf(out_file,
+			"Journal block size invalid: %u\n",
+			be32_to_cpu(jsb->s_blocksize));
+		return;
+	}
 	transaction = be32_to_cpu(jsb->s_sequence);
 	blocknr = be32_to_cpu(jsb->s_start);
 
@@ -690,6 +695,11 @@ static void dump_revoke_block(FILE *out_file, char *buf,
 	header = (jbd2_journal_revoke_header_t *) buf;
 	offset = sizeof(jbd2_journal_revoke_header_t);
 	max = be32_to_cpu(header->r_count);
+	if (max > jsb->s_blocksize) {
+		fprintf(out_file, "Revoke block's r_count invalid: %u\b",
+			max);
+		max = jsb->s_blocksize;
+	}
 
 	while (offset < max) {
 		if (tag_size == sizeof(__u32)) {
-- 
1.8.3.1