diff options
-rw-r--r-- | fs/ext4/indirect.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c index ff7e1ac6ee53..30165eb46c32 100644 --- a/fs/ext4/indirect.c +++ b/fs/ext4/indirect.c @@ -147,6 +147,7 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth, struct super_block *sb = inode->i_sb; Indirect *p = chain; struct buffer_head *bh; + unsigned int key; int ret = -EIO; *err = 0; @@ -155,7 +156,13 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth, if (!p->key) goto no_block; while (--depth) { - bh = sb_getblk(sb, le32_to_cpu(p->key)); + key = le32_to_cpu(p->key); + if (key > ext4_blocks_count(EXT4_SB(sb)->s_es)) { + /* the block was out of range */ + ret = -EFSCORRUPTED; + goto failure; + } + bh = sb_getblk(sb, key); if (unlikely(!bh)) { ret = -ENOMEM; goto failure; |