Small bug is isofs in 2.3.10

Kai Makisara (makisara@metla.fi)
Thu, 15 Jul 1999 10:28:59 +0300 (EET DST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Matt Robinson: "Register reads in kernel space ..."
Previous message: Petr Danecek: "Re: When poweroff does not work..."

If the file contains only one section, the function isofs_get_block()
in fs/isofs/inode.c does not check that the requested block is within the
section. This leads to attempting read past the end of the data when
mapping the last page of a file at the end of a CD with length not
evenly divisible by the page size.

The following patch (against 2.3.10) removes the bug by checking if
the offset is within the first section:
------------------------------8<--------------------------------------
--- fs/isofs/inode.c.org Sun Jul 11 12:32:24 1999
+++ fs/isofs/inode.c Tue Jul 13 23:19:16 1999
@@ -980,6 +980,8 @@
goto abort_too_many_sections;
}
}
+ else if (b_off >= sect_size)
+ goto abort;

bh_result->b_dev = inode->i_dev;
bh_result->b_blocknr =
------------------------------8<--------------------------------------

Kai

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Matt Robinson: "Register reads in kernel space ..."
Previous message: Petr Danecek: "Re: When poweroff does not work..."