Commit | Line | Data |
---|---|---|
82094b55 AF |
1 | From: Jeff Mahoney <jeffm@suse.com> |
2 | Subject: [PATCH] hfs: fix oops on mount with corrupted btree extent records | |
3 | References: bnc#476582 bko#13083 | |
4 | ||
5 | A particular fsfuzzer run caused an hfs file system to crash on mount. This | |
6 | is due to a corrupted MDB extent record causing a miscalculation of | |
7 | HFS_I(inode)->first_blocks for the extent tree. If the extent records | |
8 | are zeroed out, then it won't trigger the first_blocks special case and | |
9 | instead falls through to the extent code, which we're in the middle | |
10 | of initializing. | |
11 | ||
12 | This patch catches the 0 size extent records, reports the corruption, | |
13 | and fails the mount. | |
14 | ||
15 | Reported-by: Ramon de Carvalho Valle <rcvalle@linux.vnet.ibm.com> | |
16 | Signed-off-by: Jeff Mahoney <jeffm@suse.com> | |
17 | --- | |
18 | fs/hfs/btree.c | 5 +++++ | |
19 | 1 file changed, 5 insertions(+) | |
20 | ||
21 | --- a/fs/hfs/btree.c | |
22 | +++ b/fs/hfs/btree.c | |
23 | @@ -58,6 +58,11 @@ struct hfs_btree *hfs_btree_open(struct | |
24 | } | |
25 | unlock_new_inode(tree->inode); | |
26 | ||
27 | + if (!HFS_I(tree->inode)->first_blocks) { | |
28 | + printk(KERN_ERR "hfs: invalid btree extent records (0 size).\n"); | |
29 | + goto free_inode; | |
30 | + } | |
31 | + | |
32 | mapping = tree->inode->i_mapping; | |
33 | page = read_mapping_page(mapping, 0, NULL); | |
34 | if (IS_ERR(page)) |
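Review bot: The new guard `if (!HFS_I(tree->inode)->first_blocks)` rejects only an all-zero extent record, so a corrupted MDB that yields a nonzero but still wrong first_blocks reaches `read_mapping_page()` unchecked. If no range check exists elsewhere (none is visible in this hunk), first_blocks should also be validated against the volume's allocation block count before the first page read. The check would also benefit from a comment giving the reason from the commit message, for example `/* a zeroed extent record would send the page read below into the extent code while the tree is still being initialized */`. The printk does not say which tree or device was rejected, which makes a failed mount harder to triage from the log. hfs_btree_open() starts and ends outside the hunk, so the cleanup done at the `free_inode` label after `unlock_new_inode()` cannot be confirmed from here.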