Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 55b732c8 authored by Jeongjun Park's avatar Jeongjun Park Committed by Greg Kroah-Hartman
Browse files

jfs: Fix array-index-out-of-bounds in diFree 



[ Upstream commit f73f969b2eb39ad8056f6c7f3a295fa2f85e313a ]

Reported-by: default avatar <syzbot+241c815bda521982cb49@syzkaller.appspotmail.com>
Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Signed-off-by: default avatarJeongjun Park <aha310510@gmail.com>
Signed-off-by: default avatarDave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 90f2409c

fs/jfs/jfs_imap.c

+4 −1
Original line number Diff line number Diff line
@@ -305,7 +305,7 @@ int diSync(struct inode *ipimap) 
int diRead(struct inode *ip)

{

	struct jfs_sb_info *sbi = JFS_SBI(ip->i_sb);

	int iagno, ino, extno, rc;

	int iagno, ino, extno, rc, agno;

	struct inode *ipimap;

	struct dinode *dp;

	struct iag *iagp;
@@ -354,8 +354,11 @@ int diRead(struct inode *ip) 


	/* get the ag for the iag */

	agstart = le64_to_cpu(iagp->agstart);

	agno = BLKTOAG(agstart, JFS_SBI(ip->i_sb));



	release_metapage(mp);

	if (agno >= MAXAG || agno < 0)

		return -EIO;



	rel_inode = (ino & (INOSPERPAGE - 1));

	pageno = blkno >> sbi->l2nbperpage;