From: Karel Zak
Date: Wed, 1 Jun 2016 12:55:15 +0000 (+0200)
Subject: fsck.minix: fix endless loop and out of stack
X-Git-Tag: v2.29-rc1~211
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65c74885df72750d347276d857f3c95a2b5983d9;p=thirdparty%2Futil-linux.git

fsck.minix: fix endless loop and out of stack

It seems there is no elegant way to recover if a directory i_zone (and i_size) is out of reality. Let's require human interaction to avoid an endless loop when executed with --auto, etc.

Addresses: https://github.com/karelzak/util-linux/issues/228
Signed-off-by: Karel Zak
---

diff --git a/disk-utils/fsck.minix.c b/disk-utils/fsck.minix.c index 467f9dfc8c..726f5daaf3 100644 --- a/disk-utils/fsck.minix.c +++ b/disk-utils/fsck.minix.c @@ -296,6 +296,16 @@ check_mount(void) { return; } + +static int is_valid_zone_nr(unsigned short nr) +{ + if (nr < get_first_zone()) + return 0; + else if (nr >= get_nzones()) + return 0; + return 1; +} + /* check_zone_nr checks to see that *nr is a valid zone nr. If it isn't, it * will possibly be repaired. Check_zone_nr sets *corrected if an error was * corrected, and returns the zone (0 for no zone or a bad zone-number). */ @@ -1087,6 +1097,12 @@ recursive_check(unsigned int ino) { printf(_("%s: bad directory: size < 32"), current_name); errors_uncorrected = 1; } + + if ((!repair || automatic) && !is_valid_zone_nr(*dir->i_zone)) { + get_current_name(); + printf(_("%s: bad directory: invalid i_zone, use --repair to fix\n"), current_name); + return; + } for (offset = 0; offset < dir->i_size; offset += dirsize) check_file(dir, offset); }
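
Review bot: in the first hunk, is_valid_zone_nr() declares its parameter as unsigned short, so a zone number wider than 16 bits would be truncated before the range check and the test would run on the wrong value; declare nr with the widest zone type the callers hold, or the type get_nzones() returns, so the comparison sees the real number. The helper also has no comment, unlike check_zone_nr directly below it. One line stating that it accepts only get_first_zone() <= nr < get_nzones(), and whether 0 ("no zone" in the check_zone_nr comment) is meant to be rejected, would help, and the if / else if pair reads more simply as a single return of that expression.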
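
Review bot: in the second hunk, the new early return in recursive_check() does not set errors_uncorrected, while the size < 32 branch immediately above it does (errors_uncorrected = 1;), so a directory skipped here is left unfixed without this branch raising that flag; set it before the return. Two smaller points: the guard is (!repair || automatic), so "use --repair to fix" is also printed when repair is already enabled together with automatic, where the message should instead tell the user to run without the automatic mode; and only *dir->i_zone, the first entry, is validated while the loop that follows still runs up to dir->i_size, which deserves a comment if checking the first zone alone is intentional.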