udf: Fix BUG on corrupted inode · tjh.dev/kernel@d288d95

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

udf: Fix BUG on corrupted inode

When inode is corrupted so that extent type is invalid, some functions
(such as udf_truncate_extents()) will just BUG. Check that extent type
is valid when loading the inode to memory.

Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>

Jan Kara 7 years ago d288d958 3e159b95

1 changed file

expand all

udf

inode.c

fs/udf/inode.c

··· 1357 1357 1358 1358 iinfo->i_alloc_type = le16_to_cpu(fe->icbTag.flags) & 1359 1359 ICBTAG_FLAG_AD_MASK; 1360 + if (iinfo->i_alloc_type != ICBTAG_FLAG_AD_SHORT && 1361 + iinfo->i_alloc_type != ICBTAG_FLAG_AD_LONG && 1362 + iinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB) { 1363 + ret = -EIO; 1364 + goto out; 1365 + } 1360 1366 iinfo->i_unique = 0; 1361 1367 iinfo->i_lenEAttr = 0; 1362 1368 iinfo->i_lenExtents = 0;