mirror of https://gitee.com/openkylin/linux.git
md: avoid array overflow with bad v1.x metadata
We trust the 'desc_nr' field in v1.x metadata enough to use it as an index in an array. This isn't really safe. So range-check the value first. Signed-off-by: NeilBrown <neilb@suse.de>
This commit is contained in:
parent
3a981b03f3
commit
3673f305fa
|
@ -1308,7 +1308,12 @@ static int super_1_validate(mddev_t *mddev, mdk_rdev_t *rdev)
|
|||
}
|
||||
if (mddev->level != LEVEL_MULTIPATH) {
|
||||
int role;
|
||||
role = le16_to_cpu(sb->dev_roles[rdev->desc_nr]);
|
||||
if (rdev->desc_nr < 0 ||
|
||||
rdev->desc_nr >= le32_to_cpu(sb->max_dev)) {
|
||||
role = 0xffff;
|
||||
rdev->desc_nr = -1;
|
||||
} else
|
||||
role = le16_to_cpu(sb->dev_roles[rdev->desc_nr]);
|
||||
switch(role) {
|
||||
case 0xffff: /* spare */
|
||||
break;
|
||||
|
|
Loading…
Reference in New Issue