From patchwork Mon Apr 9 22:42:59 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xi Wang X-Patchwork-Id: 151492 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:4978:20e::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 167C5B7027 for ; Tue, 10 Apr 2012 08:44:40 +1000 (EST) Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.76 #1 (Red Hat Linux)) id 1SHNIn-00066d-W4; Mon, 09 Apr 2012 22:43:13 +0000 Received: from mail-qa0-f49.google.com ([209.85.216.49]) by merlin.infradead.org with esmtps (Exim 4.76 #1 (Red Hat Linux)) id 1SHNIk-000662-Ou for linux-mtd@lists.infradead.org; Mon, 09 Apr 2012 22:43:11 +0000 Received: by qafi29 with SMTP id i29so1764972qaf.15 for ; Mon, 09 Apr 2012 15:43:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:x-mailer; bh=Y/6x3rNtWwwHOWm0KnN5o4JPDbZ/IFyt0+4dsF6mRSg=; b=geK2tRcTvYh3SVRxlxEpUcmf+Su+M/nc5tYzJdvuIatpZNlu99qG3VFZypEf+ynTph Zya67JEzyksdpaQWVcCMR4pjTjLfOBDY1G3HsD77wfJx7S/FeJW8jaZUUQBCQDfsC10A HLQhr9e/8CzzV2YpAqPATjNamsh7pEbqsAmf8a5BGu40597aOTCi80h1kXeXnnWB2AP+ dgN4QDTXCFzBovh41nPxBfDvyq9GmmxCbhawXsYca5i/yp4Z6iC+CAitmR4wGtDoKjfO ivzVU7FfoQU7SM4hTuq/L/5vfE7/PFcBnLWtSs2a27jEZ9vxGS2YqnCS5NbMzcWYhBQW 26Kw== Received: by 10.229.137.12 with SMTP id u12mr3543155qct.156.1334011388891; Mon, 09 Apr 2012 15:43:08 -0700 (PDT) Received: from localhost.localdomain (hchen.csail.mit.edu. [18.26.5.5]) by mx.google.com with ESMTPS id i8sm27112545qah.4.2012.04.09.15.43.07 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 09 Apr 2012 15:43:08 -0700 (PDT) From: Xi Wang To: David Woodhouse Subject: [PATCH] jffs2: refactor csize in jffs2_do_read_inode_internal() Date: Mon, 9 Apr 2012 18:42:59 -0400 Message-Id: <1334011379-24445-1-git-send-email-xi.wang@gmail.com> X-Mailer: git-send-email 1.7.5.4 X-Spam-Note: CRM114 invocation failed X-Spam-Score: -2.7 (--) X-Spam-Report: SpamAssassin version 3.3.2 on merlin.infradead.org summary: Content analysis details: (-2.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (xi.wang[at]gmail.com) -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [209.85.216.49 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Cc: linux-mtd@lists.infradead.org, Xi Wang X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: linux-mtd-bounces@lists.infradead.org Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Replace the verbose `je32_to_cpu(latest_node->csize)' with a shorter variable `csize'. Also check for a bogus `csize' value 0xffffffff, which would turn the subsequent kmalloc(cisze + 1, ...) into kmalloc(0, ...). Signed-off-by: Xi Wang --- fs/jffs2/readinode.c | 17 +++++++++++------ 1 files changed, 11 insertions(+), 6 deletions(-) diff --git a/fs/jffs2/readinode.c b/fs/jffs2/readinode.c index dc0437e..2be7a8e 100644 --- a/fs/jffs2/readinode.c +++ b/fs/jffs2/readinode.c @@ -1266,19 +1266,24 @@ static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c, /* Symlink's inode data is the target path. Read it and * keep in RAM to facilitate quick follow symlink * operation. */ - f->target = kmalloc(je32_to_cpu(latest_node->csize) + 1, GFP_KERNEL); + uint32_t csize = je32_to_cpu(latest_node->csize); + /* Avoid overflowing csize + 1. */ + if (csize > INT_MAX) + f->target = 0; + else + f->target = kmalloc(csize + 1, GFP_KERNEL); if (!f->target) { - JFFS2_ERROR("can't allocate %d bytes of memory for the symlink target path cache\n", je32_to_cpu(latest_node->csize)); + JFFS2_ERROR("can't allocate %u bytes of memory for the symlink target path cache\n", csize); mutex_unlock(&f->sem); jffs2_do_clear_inode(c, f); return -ENOMEM; } ret = jffs2_flash_read(c, ref_offset(rii.latest_ref) + sizeof(*latest_node), - je32_to_cpu(latest_node->csize), &retlen, (char *)f->target); + csize, &retlen, (char *)f->target); - if (ret || retlen != je32_to_cpu(latest_node->csize)) { - if (retlen != je32_to_cpu(latest_node->csize)) + if (ret || retlen != csize) { + if (retlen != csize) ret = -EIO; kfree(f->target); f->target = NULL; @@ -1287,7 +1292,7 @@ static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c, return ret; } - f->target[je32_to_cpu(latest_node->csize)] = '\0'; + f->target[csize] = '\0'; dbg_readinode("symlink's target '%s' cached\n", f->target); }