From: Timo Warns <Warns@Pre-Sense.DE>
Date: Tue, 9 Aug 2011 07:40:47 +0000 (+0200)
Subject: libblkid: befs validate di_br_size !=0 and br_per_di_br != 0
X-Git-Tag: v2.20-rc2~81
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a0cff5c1ac0432a707354ae6717abfae269fcdb8;p=thirdparty%2Futil-linux.git

libblkid: befs validate di_br_size !=0 and br_per_di_br != 0

Validate that di_br_size !=0 and br_per_di_br != 0. If one of them is 0, a
division-by-zero error will be triggered.

Signed-off-by: Timo Warns <warns@pre-sense.de>
---

diff --git a/libblkid/src/superblocks/befs.c b/libblkid/src/superblocks/befs.c
index 62414ec61f..930429a58d 100644
--- a/libblkid/src/superblocks/befs.c
+++ b/libblkid/src/superblocks/befs.c
@@ -200,9 +200,16 @@ unsigned char *get_tree_node(blkid_probe pr, const struct befs_super_block *bs,
 		int64_t di_br_size, br_per_di_br, di_index, i_index;
 
 		start -= (int64_t) FS64_TO_CPU(ds->max_indirect_range, fs_le);
+
 		di_br_size = (int64_t) FS16_TO_CPU(ds->double_indirect.len,
 				fs_le) << FS32_TO_CPU(bs->block_shift, fs_le);
+		if (di_br_size == 0)
+			return NULL;
+
 		br_per_di_br = di_br_size / sizeof(struct block_run);
+		if (br_per_di_br == 0)
+			return NULL;
+
 		di_index = start / (br_per_di_br * di_br_size);
 		i_index = (start % (br_per_di_br * di_br_size)) / di_br_size;
 		start = (start % (br_per_di_br * di_br_size)) % di_br_size;