[U-Boot] [PATCH v2 1/2] fs: ext4: fix crash on ext4ls

Tom Rini trini at konsulko.com
Thu May 10 11:16:44 UTC 2018


On Wed, May 09, 2018 at 04:28:37PM +0300, Eugen Hristev wrote:

> Found a crash while issuing ext4ls with a non-existent directory.
> Crash test:
> 
> => ext4ls mmc 0 1
> ** Can not find directory. **
> data abort
> pc : [<3fd7c2ec>]          lr : [<3fd93ed8>]
> reloc pc : [<26f142ec>]    lr : [<26f2bed8>]
> sp : 3f963338  ip : 3fdc3dc4     fp : 3fd6b370
> r10: 00000004  r9 : 3f967ec0     r8 : 3f96db68
> r7 : 3fdc99b4  r6 : 00000000     r5 : 3f96dc88  r4 : 3fdcbc8c
> r3 : fffffffa  r2 : 00000000     r1 : 3f96e0bc  r0 : 00000002
> Flags: nZCv  IRQs off  FIQs off  Mode SVC_32
> Resetting CPU ...
> 
> resetting ...
> 
> Tested on SAMA5D2_Xplained board (sama5d2_xplained_mmc_defconfig)
> 
> Looks like crash is introduced by commit:
> "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls
> 
> Issue is that dirnode is not initialized, and then freed if the call
> to ext4_ls fails. ext4_ls will not change the value of dirnode in this case
> thus we have a crash with data abort.
> 
> I added initialization and a check for dirname being NULL.
> 
> Fixes: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls
> Cc: Stefan BrĂ¼ns <stefan.bruens at rwth-aachen.de>
> Cc: Tom Rini <trini at konsulko.com>
> Signed-off-by: Eugen Hristev <eugen.hristev at microchip.com>

Reviewed-by: Tom Rini <trini at konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20180510/17a1439b/attachment.sig>


More information about the U-Boot mailing list