author | Zhihao Cheng <chengzhihao1@huawei.com> | 2020-06-16 15:11:44 +0800 |
---|---|---|
committer | Richard Weinberger <richard@nod.at> | 2020-12-13 22:12:32 +0100 |
commit | a33e30a0e023e9d1866866ca895c7789f48445e7 (patch) | |
tree | 383b2fd9b04365a17ed31c4b624d278cf8e23607 /fs/ubifs/journal.c | |
parent | c8be097530a82e004f98378c3afc5cd35efc4f57 (diff) | |

ubifs: Pass node length in all node dumping callers

Function ubifs_dump_node() has been modified to avoid memory oob
accessing while dumping node, node length (corresponding to the
size of allocated memory for node) should be passed into all node
dumping callers.

Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>

Diffstat (limited to 'fs/ubifs/journal.c')
-rw-r--r-- | fs/ubifs/journal.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c index 091c2ad8f211..03410ae0813a 100644 --- a/fs/ubifs/journal.c +++ b/fs/ubifs/journal.c @@ -1559,7 +1559,8 @@ int ubifs_jnl_truncate(struct ubifs_info *c, const struct inode *inode, if (dn_len <= 0 || dn_len > UBIFS_BLOCK_SIZE) { ubifs_err(c, "bad data node (block %u, inode %lu)", blk, inode->i_ino); - ubifs_dump_node(c, dn); + ubifs_dump_node(c, dn, sz - UBIFS_INO_NODE_SZ - + UBIFS_TRUN_NODE_SZ); goto out_free; } |
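
Review bot: The length passed to ubifs_dump_node() in the bad-data-node branch of ubifs_jnl_truncate() is open-coded as `sz - UBIFS_INO_NODE_SZ - UBIFS_TRUN_NODE_SZ`, and nothing in the hunk shows how `sz` relates to the memory that `dn` points into, so a reader cannot confirm from here that the value matches the space actually available for the data node. Since the commit message defines this argument as the size of the allocated memory for the node, consider computing it once in a named local at the point where `dn` is set up, or adding a one-line comment on the buffer layout, so that the dump bound and the allocation cannot drift apart if the buffer layout changes later. Deriving the bound from the allocation rather than from `dn_len` is the right choice in this branch, because `dn_len` has just failed the `dn_len <= 0 || dn_len > UBIFS_BLOCK_SIZE` check and cannot be trusted as a limit.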