xfs
[Top] [All Lists]

[PATCH] SGI-PV: Read buffer overflow

To: felixb@xxxxxxx, xfs@xxxxxxxxxxx, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Subject: [PATCH] SGI-PV: Read buffer overflow
From: Roel Kluin <roel.kluin@xxxxxxxxx>
Date: Sun, 02 Aug 2009 13:18:07 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:content-type :content-transfer-encoding; bh=gSaP3IXdLyPi17WnRq2lsknE3LQQEOJZ/WNGx5Z6+A0=; b=SQumvQmUDbDhJERf3GCXkEa7f4sKLoPGiaCuNB1yeuNzk/V2uL0TdjZCoJr7UkIP9o /xRCpxxKXB1C2r1nJ3cRaJX2V+nXDmLaHcLDORwXZzRFgTcdw79DIFC6GuuxbyMhkzud rNqXXpGhqZxlspODZWO4yb5KDnaEnYA/kUeEg=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; b=dAS+OOHeYnxoP5cGRWk7dikEfTxRFNfLHr/PetxqCZCh+VOx1teHgzWkTQ2fxlRTbM hqQUCAMjDEkNgNGyFuvf+HWpUFoi7uOvEHRp8AtTDpj+QAkDIeyI61iog4abUQOIjRod F/98yktc4cC8jf2XRSMKe41BP5EK89oBbAqg0=
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3pre) Gecko/20090513 Fedora/3.0-2.3.beta2.fc11 Thunderbird/3.0b2
Check whether index is within bounds before grabbing the element.

Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
---
diff --git a/fs/xfs/xfs_da_btree.c b/fs/xfs/xfs_da_btree.c
index 9ff6e57..ef1d275 100644
--- a/fs/xfs/xfs_da_btree.c
+++ b/fs/xfs/xfs_da_btree.c
@@ -1414,8 +1414,9 @@ xfs_da_path_shift(xfs_da_state_t *state, 
xfs_da_state_path_t *path,
        ASSERT(args != NULL);
        ASSERT(path != NULL);
        ASSERT((path->active > 0) && (path->active < XFS_DA_NODE_MAXDEPTH));
-       level = (path->active-1) - 1;   /* skip bottom layer in path */
-       for (blk = &path->blk[level]; level >= 0; blk--, level--) {
+       /* skip bottom layer in path */
+       for (level = (path->active-1) - 1; level >= 0; blk--, level--) {
+               blk = &path->blk[level];
                ASSERT(blk->bp != NULL);
                node = blk->bp->data;
                ASSERT(be16_to_cpu(node->hdr.info.magic) == XFS_DA_NODE_MAGIC);

<Prev in Thread] Current Thread [Next in Thread>