mirror of
https://github.com/torvalds/linux.git
synced 2024-11-21 19:41:42 +00:00
fs/ntfs3: Check if more than chunk-size bytes are written
A incorrectly formatted chunk may decompress into more than LZNT_CHUNK_SIZE bytes and a index out of bounds will occur in s_max_off. Signed-off-by: Andrew Ballance <andrewjballance@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
This commit is contained in:
parent
556bdf27c2
commit
9931122d04
@ -236,6 +236,9 @@ static inline ssize_t decompress_chunk(u8 *unc, u8 *unc_end, const u8 *cmpr,
|
|||||||
|
|
||||||
/* Do decompression until pointers are inside range. */
|
/* Do decompression until pointers are inside range. */
|
||||||
while (up < unc_end && cmpr < cmpr_end) {
|
while (up < unc_end && cmpr < cmpr_end) {
|
||||||
|
// return err if more than LZNT_CHUNK_SIZE bytes are written
|
||||||
|
if (up - unc > LZNT_CHUNK_SIZE)
|
||||||
|
return -EINVAL;
|
||||||
/* Correct index */
|
/* Correct index */
|
||||||
while (unc + s_max_off[index] < up)
|
while (unc + s_max_off[index] < up)
|
||||||
index += 1;
|
index += 1;
|
||||||
|
Loading…
Reference in New Issue
Block a user