3.18-stable review patch. If anyone has any objections, please let me know.
------------------
[ Upstream commit d288d95842f1503414b7eebce3773bac3390457e ]
When inode is corrupted so that extent type is invalid, some functions
(such as udf_truncate_extents()) will just BUG. Check that extent type
is valid when loading the inode to memory.
Reported-by: Anatoly Trosinenko <anatoly.trosine...@gmail.com>
Signed-off-by: Jan Kara <j...@suse.cz>
Signed-off-by: Sasha Levin <sas...@kernel.org>
---
fs/udf/inode.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/udf/inode.c b/fs/udf/inode.c
index 0c1ca254d616..00c2caff1743 100644
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -1366,6 +1366,12 @@ reread:
iinfo->i_alloc_type = le16_to_cpu(fe->icbTag.flags) &
ICBTAG_FLAG_AD_MASK;
+ if (iinfo->i_alloc_type != ICBTAG_FLAG_AD_SHORT &&
+ iinfo->i_alloc_type != ICBTAG_FLAG_AD_LONG &&
+ iinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB) {
+ ret = -EIO;
+ goto out;
+ }
iinfo->i_unique = 0;
iinfo->i_lenEAttr = 0;
iinfo->i_lenExtents = 0;
--
2.19.1
