From e446d71838c8fde06e59bd4eb01de031825c6f2b Mon Sep 17 00:00:00 2001
From: Theodore Ts'o
Date: Fri, 5 Jan 2001 22:27:06 +0000
Subject: [PATCH] ChangeLog, dirblock.c: dirblock.c (ext2fs_read_dir_block): Fix a potential case where we may overrun allocated memory in case of a corrupted filesystem (or an e2fsck test case :-) when byte-swapping the directory block.

---
 lib/ext2fs/ChangeLog | 5 +++++
 lib/ext2fs/dirblock.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/ext2fs/ChangeLog b/lib/ext2fs/ChangeLog
index 7675edbf..ad380268 100644
--- a/lib/ext2fs/ChangeLog
+++ b/lib/ext2fs/ChangeLog
@@ -1,5 +1,10 @@
 2001-01-05
 
+ * dirblock.c (ext2fs_read_dir_block): Fix a potential case where
+ we may overrun allocated memory in case of a corrupted
+ filesystem (or an e2fsck test case :-) when byte-swapping
+ the directory block.
+
 * ext2fs.h: Indent the #warning to fix gcc -Wall complaint.
 
 * mkjournal.c (ext2fs_add_journal_device): Fix various gcc -Wall
diff --git a/lib/ext2fs/dirblock.c b/lib/ext2fs/dirblock.c
index 14c2f369..cb274b70 100644
--- a/lib/ext2fs/dirblock.c
+++ b/lib/ext2fs/dirblock.c
@@ -39,7 +39,7 @@ errcode_t ext2fs_read_dir_block(ext2_filsys fs, blk_t block,
 return 0;
 p = (char *) buf;
 end = (char *) buf + fs->blocksize;
- while (p < end) {
+ while (p < end-8) {
 dirent = (struct ext2_dir_entry *) p;
 dirent->inode = ext2fs_swab32(dirent->inode);
 dirent->rec_len = ext2fs_swab16(dirent->rec_len);
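Review bot: The new loop bound `while (p < end-8)` uses a bare `8` and appears to stop one entry early. If 8 is the size of the fixed directory-entry header, a header starting exactly at `end - 8` still fits inside the block but would be left un-swapped. Consider `while (p <= end - 8) {` with a comment such as `/* 8 = fixed part of struct ext2_dir_entry; never read a header that straddles the end of buf */`, or a named constant in place of the literal. The loop body continues past the end of the hunk, so how `p` advances is not visible here. Since the swapped `rec_len` comes straight from disk, it is worth confirming that zero, undersized or misaligned values are rejected before being added to `p`, because the bound only protects the header read at the top of each iteration.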