jfs: Fix array-index-out-of-bounds in diFree

author Jeongjun Park <aha310510@gmail.com>

Thu, 30 May 2024 13:28:09 +0000 (22:28 +0900)

committer Dave Kleikamp <dave.kleikamp@oracle.com>

Wed, 26 Jun 2024 17:38:50 +0000 (12:38 -0500)
author Jeongjun Park <aha310510@gmail.com>
Thu, 30 May 2024 13:28:09 +0000 (22:28 +0900)
committer Dave Kleikamp <dave.kleikamp@oracle.com>
Wed, 26 Jun 2024 17:38:50 +0000 (12:38 -0500)
diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c

index 2ec35889ad24ed03234798bc8fbce1164a0b4a92..1407feccbc2d05abec0b6be7ffaab32b5f44b7cd 100644 (file)
--- a/fs/jfs/jfs_imap.c
+++ b/fs/jfs/jfs_imap.c
@@ -290,7 +290,7 @@ int diSync(struct inode *ipimap)
  int diRead(struct inode *ip)
  {
         struct jfs_sb_info *sbi = JFS_SBI(ip->i_sb);
-       int iagno, ino, extno, rc;
+       int iagno, ino, extno, rc, agno;
         struct inode *ipimap;
         struct dinode *dp;
         struct iag *iagp;
@@ -339,8 +339,11 @@ int diRead(struct inode *ip)
  
         /* get the ag for the iag */
         agstart = le64_to_cpu(iagp->agstart);
+       agno = BLKTOAG(agstart, JFS_SBI(ip->i_sb));
  
         release_metapage(mp);
+       if (agno >= MAXAG || agno < 0)
+               return -EIO;
  
         rel_inode = (ino & (INOSPERPAGE - 1));
         pageno = blkno >> sbi->l2nbperpage;
author	Jeongjun Park <aha310510@gmail.com>
	Thu, 30 May 2024 13:28:09 +0000 (22:28 +0900)
committer	Dave Kleikamp <dave.kleikamp@oracle.com>
	Wed, 26 Jun 2024 17:38:50 +0000 (12:38 -0500)