malhuda/msm-4.14
1
0
Fork 0
mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
msm-4.14/fs/jfs
History
Pavel Skripkin c73c5c5632 jfs: fix divide error in dbNextAG 
[ Upstream commit 2cc7cc01c15f57d056318c33705647f87dcd4aab ]

Syzbot reported divide error in dbNextAG(). The problem was in missing
validation check for malicious image.

Syzbot crafted an image with bmp->db_numag equal to 0. There wasn't any
validation checks, but dbNextAG() blindly use bmp->db_numag in divide
expression

Fix it by validating bmp->db_numag in dbMount() and return an error if
image is malicious

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-and-tested-by: syzbot+46f5c25af73eb8330eb6@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-04-20 09:08:20 +02:00
..
acl.c
file.c
inode.c
jfs: fix GPF in diFree
2021-07-20 16:17:48 +02:00
ioctl.c
jfs_acl.h
jfs_btree.h
jfs_debug.c
jfs_debug.h
jfs_dinode.h
jfs_discard.c
jfs_discard.h
jfs_dmap.c
jfs: fix divide error in dbNextAG
2022-04-20 09:08:20 +02:00
jfs_dmap.h
jfs: Fix array index bounds check in dbAdjTree
2020-12-29 13:47:08 +01:00
jfs_dtree.c
jfs_dtree.h
jfs_extent.c
jfs_extent.h
jfs_filsys.h
JFS: more checks for invalid superblock
2021-03-07 11:27:42 +01:00
jfs_imap.c
jfs_imap.h
jfs_incore.h
jfs_inode.c
jfs_inode.h
jfs_lock.h
jfs_logmgr.c
fs/jfs: Fix missing error code in lmLogInit()
2021-07-20 16:17:49 +02:00
jfs_logmgr.h
jfs_metapage.c
jfs_metapage.h
jfs_mount.c
JFS: fix memleak in jfs_mount
2021-11-26 11:40:32 +01:00
jfs_superblock.h
jfs_txnmgr.c
jfs: fix bogus variable self-initialization
2020-01-27 14:46:26 +01:00
jfs_txnmgr.h
jfs_types.h
jfs_umount.c
jfs_unicode.c
jfs_unicode.h
jfs_uniupr.c
jfs_xattr.h
jfs_xtree.c
jfs_xtree.h
Kconfig
Makefile
namei.c
resize.c
super.c
symlink.c
xattr.c