FS/OMFS: block number sanity check during fill_super operation (76e51210) · Commits · e / devices / android_kernel_oneplus_sm7250

fs/omfs/inode.c

+7 −3

Original line number	Original line	Diff line number	Diff line
	@@ -306,9 +306,7 @@ static const struct super_operations omfs_sops = {
	*/		*/
	static int omfs_get_imap(struct super_block *sb)		static int omfs_get_imap(struct super_block *sb)
	{		{
	int bitmap_size;		unsigned int bitmap_size, count, array_size;
	int array_size;
	int count;
	struct omfs_sb_info *sbi = OMFS_SB(sb);		struct omfs_sb_info *sbi = OMFS_SB(sb);
	struct buffer_head *bh;		struct buffer_head *bh;
	unsigned long **ptr;		unsigned long **ptr;
	@@ -473,6 +471,12 @@ static int omfs_fill_super(struct super_block sb, void data, int silent)
	sbi->s_sys_blocksize = be32_to_cpu(omfs_sb->s_sys_blocksize);		sbi->s_sys_blocksize = be32_to_cpu(omfs_sb->s_sys_blocksize);
	mutex_init(&sbi->s_bitmap_lock);		mutex_init(&sbi->s_bitmap_lock);

			if (sbi->s_num_blocks > OMFS_MAX_BLOCKS) {
			printk(KERN_ERR "omfs: sysblock number (%llx) is out of range\n",
			(unsigned long long)sbi->s_num_blocks);
			goto out_brelse_bh;
			}

	if (sbi->s_sys_blocksize > PAGE_SIZE) {		if (sbi->s_sys_blocksize > PAGE_SIZE) {
	printk(KERN_ERR "omfs: sysblock size (%d) is out of range\n",		printk(KERN_ERR "omfs: sysblock size (%d) is out of range\n",
	sbi->s_sys_blocksize);		sbi->s_sys_blocksize);

+1 −0