[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1513319130-114230-1-git-send-email-yunlong.song@huawei.com>
Date: Fri, 15 Dec 2017 14:25:30 +0800
From: Yunlong Song <yunlong.song@...wei.com>
To: <jaegeuk@...nel.org>, <chao@...nel.org>, <yuchao0@...wei.com>,
<yunlong.song@...oud.com>, <yunlong.song@...wei.com>
CC: <miaoxie@...wei.com>, <bintian.wang@...wei.com>,
<shengyong1@...wei.com>, <heyunlei@...wei.com>,
<linux-fsdevel@...r.kernel.org>,
<linux-f2fs-devel@...ts.sourceforge.net>,
<linux-kernel@...r.kernel.org>
Subject: [PATCH] fsck.f2fs: check and fix i_namelen to avoid double free
Signed-off-by: Yunlong Song <yunlong.song@...wei.com>
---
fsck/fsck.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/fsck/fsck.c b/fsck/fsck.c
index 2212aa3..8ff4e4b 100644
--- a/fsck/fsck.c
+++ b/fsck/fsck.c
@@ -643,7 +643,7 @@ void fsck_chk_inode_blk(struct f2fs_sb_info *sbi, u32 nid,
u64 i_blocks = le64_to_cpu(node_blk->i.i_blocks);
int ofs = get_extra_isize(node_blk);
unsigned char *en;
- int namelen;
+ int namelen, i_namelen;
unsigned int idx = 0;
int need_fix = 0;
int ret;
@@ -850,8 +850,21 @@ skip_blkcnt_fix:
en = malloc(F2FS_NAME_LEN + 1);
ASSERT(en);
- namelen = convert_encrypted_name(node_blk->i.i_name,
- le32_to_cpu(node_blk->i.i_namelen),
+ i_namelen = le32_to_cpu(node_blk->i.i_namelen);
+ namelen = strlen((const char *)node_blk->i.i_name);
+ if (i_namelen > F2FS_NAME_LEN) {
+ ASSERT_MSG("ino: 0x%x has i_namelen: 0x%x, "
+ "but has %d characters for name",
+ nid, i_namelen, namelen);
+ if (c.fix_on) {
+ FIX_MSG("[0x%x] i_namelen=0x%x -> 0x%x", nid, i_namelen,
+ namelen);
+ node_blk->i.i_namelen = cpu_to_le32(namelen);
+ need_fix = 1;
+ }
+ i_namelen = namelen;
+ }
+ namelen = convert_encrypted_name(node_blk->i.i_name, i_namelen,
en, file_enc_name(&node_blk->i));
en[namelen] = '\0';
if (ftype == F2FS_FT_ORPHAN)
--
1.8.5.2
Powered by blists - more mailing lists