diff options
author | Zhihao Cheng <chengzhihao1@huawei.com> | 2020-06-16 15:11:44 +0800 |
---|---|---|
committer | Richard Weinberger <richard@nod.at> | 2020-12-13 22:12:32 +0100 |
commit | a33e30a0e023e9d1866866ca895c7789f48445e7 (patch) | |
tree | 383b2fd9b04365a17ed31c4b624d278cf8e23607 /fs/ubifs/scan.c | |
parent | c8be097530a82e004f98378c3afc5cd35efc4f57 (diff) | |
download | lwn-a33e30a0e023e9d1866866ca895c7789f48445e7.tar.gz lwn-a33e30a0e023e9d1866866ca895c7789f48445e7.zip |
ubifs: Pass node length in all node dumping callers
Function ubifs_dump_node() has been modified to avoid memory oob
accessing while dumping node, node length (corresponding to the
size of allocated memory for node) should be passed into all node
dumping callers.
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'fs/ubifs/scan.c')
-rw-r--r-- | fs/ubifs/scan.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/ubifs/scan.c b/fs/ubifs/scan.c index c69cdb5e65bc..84a9157dcc32 100644 --- a/fs/ubifs/scan.c +++ b/fs/ubifs/scan.c @@ -76,7 +76,7 @@ int ubifs_scan_a_node(const struct ubifs_info *c, void *buf, int len, int lnum, dbg_scan("scanning %s at LEB %d:%d", dbg_ntype(ch->node_type), lnum, offs); - if (ubifs_check_node(c, buf, lnum, offs, quiet, 1)) + if (ubifs_check_node(c, buf, len, lnum, offs, quiet, 1)) return SCANNED_A_CORRUPT_NODE; if (ch->node_type == UBIFS_PAD_NODE) { @@ -90,7 +90,7 @@ int ubifs_scan_a_node(const struct ubifs_info *c, void *buf, int len, int lnum, if (!quiet) { ubifs_err(c, "bad pad node at LEB %d:%d", lnum, offs); - ubifs_dump_node(c, pad); + ubifs_dump_node(c, pad, len); } return SCANNED_A_BAD_PAD_NODE; } |