[U-Boot] [PATCH] fs: ext4: Prevent erasing buffer past file size
Tom Rini
trini at konsulko.com
Mon Jul 23 14:09:00 UTC 2018
On Mon, Jul 23, 2018 at 11:42:12AM +0200, Marek Vasut wrote:
> The variable 'n' represents the number of bytes to be read from a certain
> offset in a file, to a certain offset in buffer 'buf'. The variable 'len'
> represents the length of the entire file, clamped correctly to avoid any
> overflows.
>
> Therefore, comparing 'n' and 'len' to determine whether clearing 'n'
> bytes of the buffer 'buf' at a certain offset would clear data past
> buffer 'buf' cannot lead to a correct result, since the 'n' does not
> contain the offset from the beginning of the file.
>
> This patch keeps track of the amount of data read and checks for the
> buffer overflow by comparing the 'n' to the remaining amount of data
> to be read instead.
>
> Signed-off-by: Marek Vasut <marex at denx.de>
> Cc: Ian Ray <ian.ray at ge.com>
> Cc: Martyn Welch <martyn.welch at collabora.co.uk>
> Cc: Stefano Babic <sbabic at denx.de>
> Cc: Tom Rini <trini at konsulko.com>
> Fixes: ecdfb4195b20 ("ext4: recover from filesystem corruption when reading")
Good catch. Can this problem also be recreated/tested with
test/fs/fs-test.sh? Thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20180723/3ac24264/attachment.sig>
More information about the U-Boot
mailing list