From: Jan Kara Date: Tue, 6 May 2008 16:26:17 +0000 (+0200) Subject: udf: Fix memory corruption when fs mounted with noadinicb option X-Git-Tag: firefly_0821_release~20425^2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=9afadc4b1fd25337003832c9a4668f9bd42cdda9;p=firefly-linux-kernel-4.4.55.git udf: Fix memory corruption when fs mounted with noadinicb option When UDF filesystem is mounted with noadinicb mount option, it happens that we extend an empty directory with a block. A code in udf_add_entry() didn't count with this possibility and used uninitialized data leading to memory and filesystem corruption. Add a check whether file already has some extents before operating on them. Signed-off-by: Jan Kara --- diff --git a/fs/udf/namei.c b/fs/udf/namei.c index 47a6589e10b5..3d94bc1cfbaf 100644 --- a/fs/udf/namei.c +++ b/fs/udf/namei.c @@ -315,7 +315,7 @@ static struct fileIdentDesc *udf_add_entry(struct inode *dir, uint16_t liu; int block; kernel_lb_addr eloc; - uint32_t elen; + uint32_t elen = 0; sector_t offset; struct extent_position epos = {}; struct udf_inode_info *dinfo; @@ -406,7 +406,8 @@ static struct fileIdentDesc *udf_add_entry(struct inode *dir, } add: - if (dinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB) { + /* Is there any extent whose size we need to round up? */ + if (dinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB && elen) { elen = (elen + sb->s_blocksize - 1) & ~(sb->s_blocksize - 1); if (dinfo->i_alloc_type == ICBTAG_FLAG_AD_SHORT) epos.offset -= sizeof(short_ad);