diff options
author | Theodore Ts'o <tytso@mit.edu> | 2018-08-27 09:22:45 -0400 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2018-08-27 09:22:45 -0400 |
commit | 4d982e25d0bdc83d8c64e66fdeca0b89240b3b85 (patch) | |
tree | f1775363ff05e10010530d4fc5a2201f7fae02d6 /crypto/crct10dif_common.c | |
parent | b50282f3241acee880514212d88b6049fb5039c8 (diff) | |
download | linux-4d982e25d0bdc83d8c64e66fdeca0b89240b3b85.tar.bz2 |
ext4: avoid divide by zero fault when deleting corrupted inline directories
A specially crafted file system can trick empty_inline_dir() into
reading past the last valid entry in a inline directory, and then run
into the end of xattr marker. This will trigger a divide by zero
fault. Fix this by using the size of the inline directory instead of
dir->i_size.
Also clean up error reporting in __ext4_check_dir_entry so that the
message is clearer and more understandable --- and avoids the division
by zero trap if the size passed in is zero. (I'm not sure why we
coded it that way in the first place; printing offset % size is
actually more confusing and less useful.)
https://bugzilla.kernel.org/show_bug.cgi?id=200933
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Wen Xu <wen.xu@gatech.edu>
Cc: stable@vger.kernel.org
Diffstat (limited to 'crypto/crct10dif_common.c')
0 files changed, 0 insertions, 0 deletions