aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ext4/bitmap.c
diff options
context:
space:
mode:
authorHaogang Chen <haogangchen@gmail.com>2012-05-28 14:21:55 -0400
committerTheodore Ts'o <tytso@mit.edu>2012-05-28 14:21:55 -0400
commit967ac8af4475ce45474800709b12137aa7634c77 (patch)
treeb40d665c1620e801f313ff516c7986e8c3cdbd59 /fs/ext4/bitmap.c
parent9d99012ff26380a09092a9fddbb6e5f996dc631f (diff)
ext4: fix potential integer overflow in alloc_flex_gd()
In alloc_flex_gd(), when flexbg_size is large, kmalloc size would overflow and flex_gd->groups would point to a buffer smaller than expected, causing OOB accesses when it is used. Note that in ext4_resize_fs(), flexbg_size is calculated using sbi->s_log_groups_per_flex, which is read from the disk and only bounded to [1, 31]. The patch returns NULL for too large flexbg_size. Reviewed-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Haogang Chen <haogangchen@gmail.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Cc: stable@kernel.org
Diffstat (limited to 'fs/ext4/bitmap.c')
0 files changed, 0 insertions, 0 deletions