Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bf1a1b31 authored by Christoph Hellwig's avatar Christoph Hellwig Committed by Christoph Hellwig
Browse files

hfsplus: fix overflow in hfsplus_get_block 



For filesystems larger than 2TB the final sector number passed to
map_bh might overflow the range representable in a 32-bit data type.
Make sure we use a sector_t for it and the arithmetics calculating it.

Signed-off-by: default avatarChristoph Hellwig <hch@tuxera.com>
parent 2b4f9ca8

fs/hfsplus/extents.c

+6 −3
Original line number Diff line number Diff line
@@ -209,6 +209,7 @@ int hfsplus_get_block(struct inode *inode, sector_t iblock, 
	struct hfsplus_inode_info *hip = HFSPLUS_I(inode);

	int res = -EIO;

	u32 ablock, dblock, mask;

	sector_t sector;

	int was_dirty = 0;

	int shift;
@@ -255,10 +256,12 @@ int hfsplus_get_block(struct inode *inode, sector_t iblock, 
done:

	dprint(DBG_EXTENT, "get_block(%lu): %llu - %u\n",

		inode->i_ino, (long long)iblock, dblock);



	mask = (1 << sbi->fs_shift) - 1;

	map_bh(bh_result, sb,

		(dblock << sbi->fs_shift) + sbi->blockoffset +

			(iblock & mask));

	sector = ((sector_t)dblock << sbi->fs_shift) +

		  sbi->blockoffset + (iblock & mask);

	map_bh(bh_result, sb, sector);



	if (create) {

		set_buffer_new(bh_result);

		hip->phys_size += sb->s_blocksize;