top = EXT2_DIRENT_TAIL(dirent, fs->blocksize);
rec_len = translate(d->rec_len);
- while (rec_len && !(rec_len & 0x3)) {
+ while ((void *) d < top) {
+ if ((rec_len < 8) || (rec_len & 0x03))
+ return EXT2_ET_DIR_CORRUPTED;
d = (struct ext2_dir_entry *)(((char *)d) + rec_len);
- if ((void *)d >= top)
- break;
rec_len = translate(d->rec_len);
}
+ if ((void *)d > ((void *)dirent + fs->blocksize))
+ return EXT2_ET_DIR_CORRUPTED;
if (d != top)
return EXT2_ET_DIR_NO_SPACE_FOR_CSUM;
int ext2fs_dirent_has_tail(ext2_filsys fs, struct ext2_dir_entry *dirent)
{
- return __get_dirent_tail(fs, dirent, NULL, 0) == 0;
+ return __get_dirent_tail(fs, dirent, NULL, 0) !=
+ EXT2_ET_DIR_NO_SPACE_FOR_CSUM;
}
static errcode_t ext2fs_dirent_csum(ext2_filsys fs, ext2_ino_t inum,
Directory inode 14, block #0, offset 0: directory has no checksum.
Fix? yes
-Directory inode 15, block #0, offset 0: directory has no checksum.
-Fix? yes
-
Directory inode 15, block #0, offset 1000: directory corrupted
Salvage? yes
-Directory inode 16, block #0, offset 0: directory has no checksum.
+Entry '' in ??? (15) has rec_len of 0, should be 12.
Fix? yes
Directory inode 16, block #0, offset 12: directory corrupted
Salvage? yes
-Directory inode 17, block #0, offset 0: directory has no checksum.
-Fix? yes
-
Directory inode 17, block #0, offset 0: directory corrupted
Salvage? yes
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
-Directory inode 2, block #0, offset 0: directory has no checksum.
-Fix? yes
-
Directory inode 2, block #0, offset 0: directory corrupted
Salvage? yes
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
-Directory inode 2, block #0, offset 0: directory has no checksum.
-Fix? yes
-
First entry '' (inode=348) in directory inode 2 (???) should be '.'
Fix? yes
Directory inode 2, block #0, offset 860: directory corrupted
Salvage? yes
+Entry '' in ??? (2) has rec_len of 0, should be 12.
+Fix? yes
+
Directory inode 11, block #0, offset 0: directory corrupted
Salvage? yes
Directory inode 11, block #3, offset 864: directory corrupted
Salvage? yes
+Entry '' in ??? (11) has rec_len of 0, should be 12.
+Fix? yes
+
Pass 3: Checking directory connectivity
'..' in / (2) is <The NULL inode> (0), should be / (2).
Fix? yes