This patch checks for 0 in several ext4 headers and gracefully
fails instead of raising a divide-by-0 exception.
Signed-off-by: Paul Emge
---
fs/ext4/ext4_common.c | 12
1 file changed, 12 insertions(+)
diff --git a/fs/ext4/ext4_common.c b/fs/ext4/ext4_common.c
index 464c33d0d7
In ext4fs_read_file in ext4fs.c, a memset can overwrite the bounds of
the destination memory region. This patch adds a check to disallow
this.
Signed-off-by: Paul Emge
---
fs/ext4/ext4fs.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/ext4fs.c b/fs/ext4
in ext4fs_read_file, it is possible for a broken/malicious file
system to cause a memcpy of a negative number of bytes, which
overflows all memory. This patch fixes the issue by checking for
a negative length.
Signed-off-by: Paul Emge
---
fs/ext4/ext4fs.c | 8 +---
1 file changed, 5
ext_cache_read doesn't null cache->buf, after freeing, which results
in a later function double-freeing it. This patch fixes
ext_cache_read to call ext_cache_fini instead of free.
Signed-off-by: Paul Emge
---
fs/ext4/ext4fs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff
part_get_info_extended and print_partition_extended can recurse infinitely
while parsing a self-referential filesystem or one with a silly number of
extended partitions. This patch adds a limit to the number of recursive
partitions.
Signed-off-by: Paul Emge
---
disk/part_dos.c | 18
5 matches
Mail list logo