ROMFS: fix length used with romfs_dev_strnlen() function

An interestingly corrupted romfs file system exposed a problem with the romfs_dev_strnlen function: it's passing the wrong value to its helpers. Rather than limit the string to the length passed in by the callers, it uses the size of the device as the limit. Signed-off-by: N Bernd Schmidt <bernds_cb1@t-online.de> Signed-off-by: N Mike Frysinger <vapier@gentoo.org> Signed-off-by: N David Howells <dhowells@redhat.com> Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org>

ROMFS: fix length used with romfs_dev_strnlen() function
An interestingly corrupted romfs file system exposed a problem with the romfs_dev_strnlen function: it's passing the wrong value to its helpers. Rather than limit the string to the length passed in by the callers, it uses the size of the device as the limit. Signed-off-by: N Bernd Schmidt <bernds_cb1@t-online.de> Signed-off-by: N Mike Frysinger <vapier@gentoo.org> Signed-off-by: N David Howells <dhowells@redhat.com> Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org>
ef1f7a7e · Bernd Schmidt · Linus Torvalds · c6c59927 · ef1f7a7e
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

fs/romfs/storage.c fs/romfs/storage.c +2 -2

未找到文件。
--- a/fs/romfs/storage.c
+++ b/fs/romfs/storage.c
@@ -253,11 +253,11 @@ ssize_t romfs_dev_strnlen(struct super_block *sb,
 #ifdef CONFIG_ROMFS_ON_MTD
 	if (sb->s_mtd)
-		return romfs_mtd_strnlen(sb, pos, limit);
+		return romfs_mtd_strnlen(sb, pos, maxlen);
 #endif
 #ifdef CONFIG_ROMFS_ON_BLOCK
 	if (sb->s_bdev)
-		return romfs_blk_strnlen(sb, pos, limit);
+		return romfs_blk_strnlen(sb, pos, maxlen);
 #endif
 	return -EIO;
 }