[PATCH]

[Andries E. Brouwer]

As it turns out, the kernel divides by EXT3_INODES_PER_GROUP(s)
when mounting an ext3 filesystem. If that number is zero,
a crash follows. Below a patch.

This crash was reported by Joeri de Ruiter, Carst Tankink and Pim Vullers.

Andries

diff -uprN -X /linux/dontdiff a/fs/ext3/super.c b/fs/ext3/super.c
--- a/fs/ext3/super.c	2007-10-13 19:51:45.000000000 +0200
+++ b/fs/ext3/super.c	2007-12-03 16:00:36.802510904 +0100
@@ -1596,7 +1596,7 @@ static int ext3_fill_super (struct super
 	sbi->s_blocks_per_group = le32_to_cpu(es->s_blocks_per_group);
 	sbi->s_frags_per_group = le32_to_cpu(es->s_frags_per_group);
 	sbi->s_inodes_per_group = le32_to_cpu(es->s_inodes_per_group);
-	if (EXT3_INODE_SIZE(sb) == 0)
+	if (EXT3_INODE_SIZE(sb) == 0 || EXT3_INODES_PER_GROUP(sb) == 0)
 		goto cantfind_ext3;
 	sbi->s_inodes_per_block = blocksize / EXT3_INODE_SIZE(sb);
 	if (sbi->s_inodes_per_block == 0)
diff -uprN -X /linux/dontdiff a/fs/ext4/super.c b/fs/ext4/super.c
--- a/fs/ext4/super.c	2007-10-13 19:51:45.000000000 +0200
+++ b/fs/ext4/super.c	2007-12-03 16:05:14.722260680 +0100
@@ -1678,7 +1678,7 @@ static int ext4_fill_super (struct super
 	sbi->s_blocks_per_group = le32_to_cpu(es->s_blocks_per_group);
 	sbi->s_frags_per_group = le32_to_cpu(es->s_frags_per_group);
 	sbi->s_inodes_per_group = le32_to_cpu(es->s_inodes_per_group);
-	if (EXT4_INODE_SIZE(sb) == 0)
+	if (EXT4_INODE_SIZE(sb) == 0 || EXT4_INODES_PER_GROUP(sb) == 0)
 		goto cantfind_ext4;
 	sbi->s_inodes_per_block = blocksize / EXT4_INODE_SIZE(sb);
 	if (sbi->s_inodes_per_block == 0)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/