From patchwork Fri Jul 18 22:54:15 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Darrick Wong X-Patchwork-Id: 371748 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id E7AD014008F for ; Sat, 19 Jul 2014 08:54:22 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1946123AbaGRWyW (ORCPT ); Fri, 18 Jul 2014 18:54:22 -0400 Received: from userp1040.oracle.com ([156.151.31.81]:33309 "EHLO userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1946059AbaGRWyV (ORCPT ); Fri, 18 Jul 2014 18:54:21 -0400 Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s6IMsIbX006921 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 18 Jul 2014 22:54:19 GMT Received: from aserz7022.oracle.com (aserz7022.oracle.com [141.146.126.231]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s6IMsI8T025773 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 18 Jul 2014 22:54:18 GMT Received: from abhmp0005.oracle.com (abhmp0005.oracle.com [141.146.116.11]) by aserz7022.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s6IMsHgW001889; Fri, 18 Jul 2014 22:54:17 GMT Received: from localhost (/67.23.204.226) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 18 Jul 2014 15:54:17 -0700 Subject: [PATCH 16/24] e2fsck: don't crash during rehash From: "Darrick J. Wong" To: tytso@mit.edu, darrick.wong@oracle.com Cc: linux-ext4@vger.kernel.org Date: Fri, 18 Jul 2014 15:54:15 -0700 Message-ID: <20140718225415.31374.89196.stgit@birch.djwong.org> In-Reply-To: <20140718225200.31374.85411.stgit@birch.djwong.org> References: <20140718225200.31374.85411.stgit@birch.djwong.org> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Source-IP: ucsinet21.oracle.com [156.151.31.93] Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org If a user crafts a carefully constructed filesystem containing a single directory entry block with an invalid checksum and fewer than two entries, and then runs e2fsck to fix the filesystem, fsck will crash when it tries to "compress" the short dir and passes a negative dirent array length to qsort. Therefore, don't allow directory "compression" in this situation. Signed-off-by: Darrick J. Wong --- e2fsck/rehash.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c index f75479a..5913ae7 100644 --- a/e2fsck/rehash.c +++ b/e2fsck/rehash.c @@ -848,7 +848,7 @@ retry_nohash: /* Sort the list */ resort: - if (fd.compress) + if (fd.compress && fd.num_array > 1) qsort(fd.harray+2, fd.num_array-2, sizeof(struct hash_entry), hash_cmp); else @@ -867,7 +867,7 @@ resort: } /* Sort non-hashed directories by inode number */ - if (fd.compress) + if (fd.compress && fd.num_array > 1) qsort(fd.harray+2, fd.num_array-2, sizeof(struct hash_entry), ino_cmp);