| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180831140538.31566-1-colin.king@canonical.com>
Date: Fri, 31 Aug 2018 15:05:38 +0100
From: Colin King <colin.king@...onical.com>
To: linux-fsdevel@...r.kernel.org, dhowells@...hat.com,
viro@...iv.linux.org.uk
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] hfs: fix array out of bounds read of array extent
From: Colin Ian King <colin.king@...onical.com>
Currently extent and index i are both being incremented causing
an array out of bounds read on extent[i]. Fix this by removing
the extraneous increment of extent.
Detected by CoverityScan, CID#711541 ("Out of bounds read")
Fixes: d1081202f1d0 ("HFS rewrite")
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
fs/hfs/extent.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/hfs/extent.c b/fs/hfs/extent.c
index 5d0182654580..636cdfcecb26 100644
--- a/fs/hfs/extent.c
+++ b/fs/hfs/extent.c
@@ -300,7 +300,7 @@ int hfs_free_fork(struct super_block *sb, struct hfs_cat_file *file, int type)
return 0;
blocks = 0;
- for (i = 0; i < 3; extent++, i++)
+ for (i = 0; i < 3; i++)
blocks += be16_to_cpu(extent[i].count);
res = hfs_free_extents(sb, extent, blocks, blocks);
--
2.17.1
Powered by blists - more mailing lists