This fixes potential seg faults when opening a fuzzed file system with
block group descriptors containing a bogus inode table location.
Google-Bug-Id:
119929050
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
blk_t block, int num)
{
EXT2_CHECK_MAGIC(bitmap, EXT2_ET_MAGIC_BLOCK_BITMAP);
blk_t block, int num)
{
EXT2_CHECK_MAGIC(bitmap, EXT2_ET_MAGIC_BLOCK_BITMAP);
- if ((block < bitmap->start) || (block+num-1 > bitmap->real_end)) {
+ if ((block < bitmap->start) || (block > bitmap->real_end) ||
+ (block+num-1 > bitmap->real_end)) {
ext2fs_warn_bitmap(EXT2_ET_BAD_BLOCK_TEST,
block, bitmap->description);
return 0;
ext2fs_warn_bitmap(EXT2_ET_BAD_BLOCK_TEST,
block, bitmap->description);
return 0;
ext2_ino_t inode, int num)
{
EXT2_CHECK_MAGIC(bitmap, EXT2_ET_MAGIC_INODE_BITMAP);
ext2_ino_t inode, int num)
{
EXT2_CHECK_MAGIC(bitmap, EXT2_ET_MAGIC_INODE_BITMAP);
- if ((inode < bitmap->start) || (inode+num-1 > bitmap->real_end)) {
+ if ((inode < bitmap->start) || (inode > bitmap->real_end) ||
+ (inode+num-1 > bitmap->real_end)) {
ext2fs_warn_bitmap(EXT2_ET_BAD_INODE_TEST,
inode, bitmap->description);
return 0;
ext2fs_warn_bitmap(EXT2_ET_BAD_INODE_TEST,
inode, bitmap->description);
return 0;
- if ((block < bitmap->start) || (block+num-1 > bitmap->end)) {
+ if ((block < bitmap->start) || (block > bitmap->end) ||
+ (block+num-1 > bitmap->end)) {
ext2fs_warn_bitmap(EXT2_ET_BAD_BLOCK_MARK, block,
bitmap->description);
return;
ext2fs_warn_bitmap(EXT2_ET_BAD_BLOCK_MARK, block,
bitmap->description);
return;
- if ((block < bitmap->start) || (block+num-1 > bitmap->end)) {
+ if ((block < bitmap->start) || (block > bitmap->end) ||
+ (block+num-1 > bitmap->end)) {
ext2fs_warn_bitmap(EXT2_ET_BAD_BLOCK_UNMARK, block,
bitmap->description);
return;
ext2fs_warn_bitmap(EXT2_ET_BAD_BLOCK_UNMARK, block,
bitmap->description);
return;
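Review bot: The `block+num-1` clause can still wrap when `block` is in range and `num` is large, because `num` is an `int` added to a `blk_t` (presumably a 32-bit unsigned type; its typedef is not visible here). The added `block > bitmap->real_end` clause only covers a start value that is already past the end. Comparing against the remaining room avoids the addition: once `block <= bitmap->real_end` holds, use `(num > 0 && (blk_t)(num - 1) > bitmap->real_end - block)` in place of the `block+num-1` clause. The same applies to the inode test check (with `ext2_ino_t`) and to the mark and unmark range checks against `bitmap->end`. The function bodies continue outside the lines shown, so confirm how a zero or negative `num` is handled further down before changing the clause.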
bmap, block);
if (EXT2FS_IS_32_BITMAP(bmap)) {
bmap, block);
if (EXT2FS_IS_32_BITMAP(bmap)) {
- if ((block+num-1) & ~0xffffffffULL) {
+ if ((block & ~0xffffffffULL) ||
+ ((block+num-1) & ~0xffffffffULL)) {
ext2fs_warn_bitmap2((ext2fs_generic_bitmap) bmap,
EXT2FS_UNMARK_ERROR, 0xffffffff);
return EINVAL;
ext2fs_warn_bitmap2((ext2fs_generic_bitmap) bmap,
EXT2FS_UNMARK_ERROR, 0xffffffff);
return EINVAL;
end >>= bmap->cluster_bits;
num = end - block;
end >>= bmap->cluster_bits;
num = end - block;
- if ((block < bmap->start) || (block+num-1 > bmap->end)) {
+ if ((block < bmap->start) || (block > bmap->end) ||
+ (block+num-1 > bmap->end)) {
ext2fs_warn_bitmap(EXT2_ET_BAD_BLOCK_TEST, block,
bmap->description);
return EINVAL;
ext2fs_warn_bitmap(EXT2_ET_BAD_BLOCK_TEST, block,
bmap->description);
return EINVAL;
return;
if (EXT2FS_IS_32_BITMAP(bmap)) {
return;
if (EXT2FS_IS_32_BITMAP(bmap)) {
- if ((block+num-1) & ~0xffffffffULL) {
+ if ((block & ~0xffffffffULL) ||
+ ((block+num-1) & ~0xffffffffULL)) {
ext2fs_warn_bitmap2((ext2fs_generic_bitmap) bmap,
EXT2FS_UNMARK_ERROR, 0xffffffff);
return;
ext2fs_warn_bitmap2((ext2fs_generic_bitmap) bmap,
EXT2FS_UNMARK_ERROR, 0xffffffff);
return;
end >>= bmap->cluster_bits;
num = end - block;
end >>= bmap->cluster_bits;
num = end - block;
- if ((block < bmap->start) || (block+num-1 > bmap->end)) {
+ if ((block < bmap->start) || (block > bmap->end) ||
+ (block+num-1 > bmap->end)) {
ext2fs_warn_bitmap(EXT2_ET_BAD_BLOCK_MARK, block,
bmap->description);
return;
ext2fs_warn_bitmap(EXT2_ET_BAD_BLOCK_MARK, block,
bmap->description);
return;
return;
if (EXT2FS_IS_32_BITMAP(bmap)) {
return;
if (EXT2FS_IS_32_BITMAP(bmap)) {
- if ((block+num-1) & ~0xffffffffULL) {
+ if ((block & ~0xffffffffULL) ||
+ ((block+num-1) & ~0xffffffffULL)) {
ext2fs_warn_bitmap2((ext2fs_generic_bitmap) bmap,
EXT2FS_UNMARK_ERROR, 0xffffffff);
return;
ext2fs_warn_bitmap2((ext2fs_generic_bitmap) bmap,
EXT2FS_UNMARK_ERROR, 0xffffffff);
return;
end >>= bmap->cluster_bits;
num = end - block;
end >>= bmap->cluster_bits;
num = end - block;
- if ((block < bmap->start) || (block+num-1 > bmap->end)) {
+ if ((block < bmap->start) || (block > bmap->end) ||
+ (block+num-1 > bmap->end)) {
ext2fs_warn_bitmap(EXT2_ET_BAD_BLOCK_UNMARK, block,
bmap->description);
return;
ext2fs_warn_bitmap(EXT2_ET_BAD_BLOCK_UNMARK, block,
bmap->description);
return;
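Review bot: The new `block & ~0xffffffffULL` test in the three `EXT2FS_IS_32_BITMAP` branches reads as redundant next to the `block+num-1` test, so it needs a comment explaining why it is there; otherwise a later cleanup may fold it away and bring the crash back. A line such as `/* block+num-1 can wrap around, so block is also checked on its own */` above each condition would do, and the same comment fits the added `block > bmap->end` clauses. Separately, all three branches warn with `EXT2FS_UNMARK_ERROR` and the constant `0xffffffff`, including the one that returns `EINVAL` on what appears to be the test path. The warning therefore neither names the operation nor records the offending block, which makes a corrupted image harder to triage. The enclosing functions start and end outside the lines shown.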