| To: | Eric Sandeen <sandeen@xxxxxxxxxx>, xfs-oss <xfs@xxxxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH] xfs: catch invalid negative blknos in _xfs_buf_find() |
| From: | Eric Sandeen <sandeen@xxxxxxxxxxx> |
| Date: | Wed, 19 Nov 2014 16:27:25 -0600 |
| Delivered-to: | xfs@xxxxxxxxxxx |
| In-reply-to: | <546D15E3.5000200@xxxxxxxxxx> |
| References: | <546D15E3.5000200@xxxxxxxxxx> |

On 11/19/14 4:12 PM, Eric Sandeen wrote:
> Here blkno is a daddr_t, which is a __s64; it's possible to hold
> a value which is negative, and thus pass the (blkno >= eofs)
> test. Then we try to do a xfs_perag_get() for a ridiculous
> agno via xfs_daddr_to_agno(), and bad things happen when that
> fails, and returns a null pag which is dereferenced shortly
> thereafter.
>
> Found via a user-supplied fuzzed image...

NAK - this needs a bit more love; if we catch this and fail, the caller
may still do something crazy with this data.

V2 coming in a bit.

-Eric
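
The signed-comparison failure described in the quoted report, as an added user-space model; it is not the XFS code, not the patch under discussion, and not written by the poster. Every name ending in `_model`, the 4-group geometry and the return codes are assumptions made for illustration, and the model covers only the range check, not what a caller does after a rejection.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed model: names, geometry and return codes are assumptions. */
typedef int64_t daddr_model_t;      /* signed 64-bit, like the __s64 in the mail */
#define AG_COUNT   4                /* constructed: 4 allocation groups */
#define AG_SECTORS 1024             /* constructed: sectors per group */
struct perag_model { uint32_t agno; };
static struct perag_model ags[AG_COUNT] = { {0}, {1}, {2}, {3} };

/* A negative sector number turns into an enormous group index here. */
static uint32_t daddr_to_agno_model(daddr_model_t blkno)
{
    return (uint32_t)((uint64_t)blkno / AG_SECTORS);
}

/* Lookup fails with NULL for a group that does not exist. */
static struct perag_model *perag_get_model(uint32_t agno)
{
    return agno < AG_COUNT ? &ags[agno] : NULL;
}

/* Upper bound only: the comparison is signed, so negatives pass. */
static int range_ok_upper_only(daddr_model_t blkno, daddr_model_t eofs)
{
    return !(blkno >= eofs);
}

/* Both bounds: negative sector numbers are rejected up front. */
static int range_ok_both(daddr_model_t blkno, daddr_model_t eofs)
{
    return !(blkno < 0 || blkno >= eofs);
}

/* 0 = group found, -1 = range check rejected, -2 = lookup returned NULL */
static int buf_find_model(daddr_model_t blkno,
                          int (*range_ok)(daddr_model_t, daddr_model_t))
{
    if (!range_ok(blkno, (daddr_model_t)AG_COUNT * AG_SECTORS))
        return -1;
    return perag_get_model(daddr_to_agno_model(blkno)) ? 0 : -2;
}

int main(void)
{
    printf("%d %d\n", buf_find_model(-8, range_ok_upper_only),
           buf_find_model(-8, range_ok_both));
    return 0;
}
```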