Unverified Commit dbc7ff09 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee

!8571 jfs: fix two array-index-out-of-bounds issuse

Merge Pull Request from: @ci-robot 
 
PR sync from: Long Li <leo.lilong@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/MQGYGM443C25X2L6NZB3KZPUSQDM3QJB/ 
This patch set fixes two array-index-out-of-bounds issues.

Manas Ghandat (1):
  jfs: fix array-index-out-of-bounds in dbFindLeaf

Yogesh (1):
  fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev


-- 
2.39.2
 
https://gitee.com/src-openeuler/kernel/issues/I9REBH 
 
Link:https://gitee.com/openeuler/kernel/pulls/8571

 

Reviewed-by: default avatarzhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents 7236f219 61d5f629
+13 −4
@@ -87,7 +87,7 @@ static int dbAllocCtl(struct bmap * bmp, s64 nblocks, int l2nb, s64 blkno,
static int dbExtend(struct inode *ip, s64 blkno, s64 nblocks, s64 addnblocks);
static int dbFindBits(u32 word, int l2nb);
static int dbFindCtl(struct bmap * bmp, int l2nb, int level, s64 * blkno);
static int dbFindLeaf(dmtree_t * tp, int l2nb, int *leafidx);
static int dbFindLeaf(dmtree_t *tp, int l2nb, int *leafidx, bool is_ctl);
static int dbFreeBits(struct bmap * bmp, struct dmap * dp, s64 blkno,
		      int nblocks);
static int dbFreeDmap(struct bmap * bmp, struct dmap * dp, s64 blkno,
@@ -1771,7 +1771,7 @@ static int dbFindCtl(struct bmap * bmp, int l2nb, int level, s64 * blkno)
		 * dbFindLeaf() returns the index of the leaf at which
		 * free space was found.
		 */
		rc = dbFindLeaf((dmtree_t *) dcp, l2nb, &leafidx);
		rc = dbFindLeaf((dmtree_t *) dcp, l2nb, &leafidx, true);

		/* release the buffer.
		 */
@@ -2018,9 +2018,12 @@ dbAllocDmapLev(struct bmap * bmp,
	 * free space.  if sufficient free space is found, dbFindLeaf()
	 * returns the index of the leaf at which free space was found.
	 */
	if (dbFindLeaf((dmtree_t *) & dp->tree, l2nb, &leafidx))
	if (dbFindLeaf((dmtree_t *) &dp->tree, l2nb, &leafidx, false))
		return -ENOSPC;

	if (leafidx < 0)
		return -EIO;

	/* determine the block number within the file system corresponding
	 * to the leaf at which free space was found.
	 */
@@ -2980,14 +2983,18 @@ static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl)
 *	leafidx	- return pointer to be set to the index of the leaf
 *		  describing at least l2nb free blocks if sufficient
 *		  free blocks are found.
 *	is_ctl	- determines if the tree is of type ctl
 *
 * RETURN VALUES:
 *	0	- success
 *	-ENOSPC	- insufficient free blocks.
 */
static int dbFindLeaf(dmtree_t * tp, int l2nb, int *leafidx)
static int dbFindLeaf(dmtree_t *tp, int l2nb, int *leafidx, bool is_ctl)
{
	int ti, n = 0, k, x = 0;
	int max_size;

	max_size = is_ctl ? CTLTREESIZE : TREESIZE;

	/* first check the root of the tree to see if there is
	 * sufficient free space.
@@ -3008,6 +3015,8 @@ static int dbFindLeaf(dmtree_t * tp, int l2nb, int *leafidx)
			/* sufficient free space found.  move to the next
			 * level (or quit if this is the last level).
			 */
			if (x + n > max_size)
				return -ENOSPC;
			if (l2nb <= tp->dmt_stree[x + n])
				break;
		}
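Review bot: The new guard `if (x + n > max_size)` in the last hunk still lets an index equal to max_size reach `tp->dmt_stree[x + n]` on the following line. If CTLTREESIZE and TREESIZE are the element counts of the two stree arrays (their declarations are not part of this diff), the last valid index is max_size - 1 and the check should read `if (x + n >= max_size)`. The index is built from tree values that appear to come from on-disk metadata, so a corrupted image could still cause a one-element out-of-bounds read. Separately, dbFindLeaf() now reports this corruption as -ENOSPC, which dbAllocDmapLev() passes on as "no space"; returning -EIO here and documenting it under RETURN VALUES would make a damaged tree distinguishable from a full one. The loop that contains the check starts outside the hunk.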