提交 9afadc4b 编写于 作者: J Jan Kara 提交者: Jan Kara

udf: Fix memory corruption when fs mounted with noadinicb option

When UDF filesystem is mounted with noadinicb mount option, it
happens that we extend an empty directory with a block. A code in
udf_add_entry() didn't count with this possibility and used
uninitialized data leading to memory and filesystem corruption.
Add a check whether file already has some extents before operating
on them.
Signed-off-by: NJan Kara <jack@suse.cz>
上级 221e583a
...@@ -315,7 +315,7 @@ static struct fileIdentDesc *udf_add_entry(struct inode *dir, ...@@ -315,7 +315,7 @@ static struct fileIdentDesc *udf_add_entry(struct inode *dir,
uint16_t liu; uint16_t liu;
int block; int block;
kernel_lb_addr eloc; kernel_lb_addr eloc;
uint32_t elen; uint32_t elen = 0;
sector_t offset; sector_t offset;
struct extent_position epos = {}; struct extent_position epos = {};
struct udf_inode_info *dinfo; struct udf_inode_info *dinfo;
...@@ -406,7 +406,8 @@ static struct fileIdentDesc *udf_add_entry(struct inode *dir, ...@@ -406,7 +406,8 @@ static struct fileIdentDesc *udf_add_entry(struct inode *dir,
} }
add: add:
if (dinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB) { /* Is there any extent whose size we need to round up? */
if (dinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB && elen) {
elen = (elen + sb->s_blocksize - 1) & ~(sb->s_blocksize - 1); elen = (elen + sb->s_blocksize - 1) & ~(sb->s_blocksize - 1);
if (dinfo->i_alloc_type == ICBTAG_FLAG_AD_SHORT) if (dinfo->i_alloc_type == ICBTAG_FLAG_AD_SHORT)
epos.offset -= sizeof(short_ad); epos.offset -= sizeof(short_ad);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册