summaryrefslogtreecommitdiffstats
path: root/fs/hpfs/super.c
diff options
context:
space:
mode:
authorMikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>2013-07-04 18:42:29 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2013-07-04 11:22:46 -0700
commit3ebacb05044f82c5f0bb456a894eb9dc57d0ed90 (patch)
treebb53d02c15568b0932c2f5ef5e758955b4fa69d0 /fs/hpfs/super.c
parent8bb495e3f02401ee6f76d1b1d77f3ac9f079e376 (diff)
downloadlinux-3ebacb05044f82c5f0bb456a894eb9dc57d0ed90.tar.gz
linux-3ebacb05044f82c5f0bb456a894eb9dc57d0ed90.tar.bz2
linux-3ebacb05044f82c5f0bb456a894eb9dc57d0ed90.zip
hpfs: better test for errors
The test if bitmap access is out of bound could errorneously pass if the device size is divisible by 16384 sectors and we are asking for one bitmap after the end. Check for invalid size in the superblock. Invalid size could cause integer overflows in the rest of the code. Signed-off-by: Mikulas Patocka <mpatocka@artax.karlin.mff.cuni.cz> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/hpfs/super.c')
-rw-r--r--fs/hpfs/super.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/fs/hpfs/super.c b/fs/hpfs/super.c
index a0617e706957..962e90c37aec 100644
--- a/fs/hpfs/super.c
+++ b/fs/hpfs/super.c
@@ -558,7 +558,13 @@ static int hpfs_fill_super(struct super_block *s, void *options, int silent)
sbi->sb_cp_table = NULL;
sbi->sb_c_bitmap = -1;
sbi->sb_max_fwd_alloc = 0xffffff;
-
+
+ if (sbi->sb_fs_size >= 0x80000000) {
+ hpfs_error(s, "invalid size in superblock: %08x",
+ (unsigned)sbi->sb_fs_size);
+ goto bail4;
+ }
+
/* Load bitmap directory */
if (!(sbi->sb_bmp_dir = hpfs_load_bitmap_directory(s, le32_to_cpu(superblock->bitmaps))))
goto bail4;