summaryrefslogtreecommitdiffstats
path: root/fs/omfs/bitmap.c
diff options
context:
space:
mode:
authorBob Copeland <me@bobcopeland.com>2008-08-15 00:40:47 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2008-08-15 08:35:44 -0700
commit9419fc1c957d600093baaea247fef23cca3b4e93 (patch)
tree532606ac97d86d8952ffcdd8f8513b1499c10bf8 /fs/omfs/bitmap.c
parentc963343a1150106819773e828c9b237ed977615b (diff)
downloadkernel-crypto-9419fc1c957d600093baaea247fef23cca3b4e93.tar.gz
kernel-crypto-9419fc1c957d600093baaea247fef23cca3b4e93.tar.xz
kernel-crypto-9419fc1c957d600093baaea247fef23cca3b4e93.zip
omfs: fix oops when file metadata is corrupted
A fuzzed fileystem image failed with OMFS when the extent count was used in a loop without being checked against the max number of extents. It also provoked a signed division for an array index that was checked as if unsigned, leading to index by -1. omfsck will be updated to fix these cases, in the meantime bail out gracefully. Reported-by: Eric Sesterhenn <snakebyte@gmx.de> Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/omfs/bitmap.c')
-rw-r--r--fs/omfs/bitmap.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/omfs/bitmap.c b/fs/omfs/bitmap.c
index 697663b01ba..e1c0ec0ae98 100644
--- a/fs/omfs/bitmap.c
+++ b/fs/omfs/bitmap.c
@@ -92,7 +92,7 @@ int omfs_allocate_block(struct super_block *sb, u64 block)
struct buffer_head *bh;
struct omfs_sb_info *sbi = OMFS_SB(sb);
int bits_per_entry = 8 * sb->s_blocksize;
- int map, bit;
+ unsigned int map, bit;
int ret = 0;
u64 tmp;
@@ -176,7 +176,8 @@ int omfs_clear_range(struct super_block *sb, u64 block, int count)
struct omfs_sb_info *sbi = OMFS_SB(sb);
int bits_per_entry = 8 * sb->s_blocksize;
u64 tmp;
- int map, bit, ret;
+ unsigned int map, bit;
+ int ret;
tmp = block;
bit = do_div(tmp, bits_per_entry);