Commit a89e80f8 authored by Dave Kleikamp's avatar Dave Kleikamp Committed by Jinjiang Tu
Browse files

jfs: Fix sanity check in dbMount 

mainline inclusion
from mainline-v6.12-rc5
commit 67373ca8404fe57eb1bb4b57f314cff77ce54932
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYQS5
CVE: CVE-2024-47723

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67373ca8404fe57eb1bb4b57f314cff77ce54932



--------------------------------

MAXAG is a legitimate value for bmp->db_numag

Fixes: e63866a47556 ("jfs: fix out-of-bounds in dbNextAG() and diAlloc()")

Signed-off-by: default avatarDave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: default avatarJinjiang Tu <tujinjiang@huawei.com>
parent 4da955b0

fs/jfs/jfs_dmap.c

+1 −1
Original line number Diff line number Diff line
@@ -187,7 +187,7 @@ int dbMount(struct inode *ipbmap) 
	}



	bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag);

	if (!bmp->db_numag || bmp->db_numag >= MAXAG) {

	if (!bmp->db_numag || bmp->db_numag > MAXAG) {

		err = -EINVAL;

		goto err_release_metapage;

	}