[PATCH] fsck.f2fs: check and fix i_namelen to avoid double free
From: Yunlong Song
Date: Fri Dec 15 2017 - 01:29:51 EST
Signed-off-by: Yunlong Song <yunlong.song@xxxxxxxxxx>
---
fsck/fsck.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/fsck/fsck.c b/fsck/fsck.c
index 2212aa3..8ff4e4b 100644
--- a/fsck/fsck.c
+++ b/fsck/fsck.c
@@ -643,7 +643,7 @@ void fsck_chk_inode_blk(struct f2fs_sb_info *sbi, u32 nid,
u64 i_blocks = le64_to_cpu(node_blk->i.i_blocks);
int ofs = get_extra_isize(node_blk);
unsigned char *en;
- int namelen;
+ int namelen, i_namelen;
unsigned int idx = 0;
int need_fix = 0;
int ret;
@@ -850,8 +850,21 @@ skip_blkcnt_fix:
en = malloc(F2FS_NAME_LEN + 1);
ASSERT(en);
- namelen = convert_encrypted_name(node_blk->i.i_name,
- le32_to_cpu(node_blk->i.i_namelen),
+ i_namelen = le32_to_cpu(node_blk->i.i_namelen);
+ namelen = strlen((const char *)node_blk->i.i_name);
+ if (i_namelen > F2FS_NAME_LEN) {
+ ASSERT_MSG("ino: 0x%x has i_namelen: 0x%x, "
+ "but has %d characters for name",
+ nid, i_namelen, namelen);
+ if (c.fix_on) {
+ FIX_MSG("[0x%x] i_namelen=0x%x -> 0x%x", nid, i_namelen,
+ namelen);
+ node_blk->i.i_namelen = cpu_to_le32(namelen);
+ need_fix = 1;
+ }
+ i_namelen = namelen;
+ }
+ namelen = convert_encrypted_name(node_blk->i.i_name, i_namelen,
en, file_enc_name(&node_blk->i));
en[namelen] = '\0';
if (ftype == F2FS_FT_ORPHAN)
--
1.8.5.2