udf: check partition reference in udf_read_inode()
We were checking block number without checking partition. sbi->s_partmaps[iloc->partitionReferenceNum] could lead to bad memory access. See udf_nfs_get_inode() path for instance. Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Jan Kara <jack@suse.cz>
This commit is contained in:
parent
23bcda112f
commit
1d82a56bc5
|
@ -1277,6 +1277,12 @@ static int udf_read_inode(struct inode *inode, bool hidden_inode)
|
|||
int ret = -EIO;
|
||||
|
||||
reread:
|
||||
if (iloc->partitionReferenceNum >= sbi->s_partitions) {
|
||||
udf_debug("partition reference: %d > logical volume partitions: %d\n",
|
||||
iloc->partitionReferenceNum, sbi->s_partitions);
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
if (iloc->logicalBlockNum >=
|
||||
sbi->s_partmaps[iloc->partitionReferenceNum].s_partition_len) {
|
||||
udf_debug("block=%d, partition=%d out of range\n",
|
||||
|
|
Loading…
Reference in New Issue