[PATCH 4.9 051/137] udf: Fix BUG on corrupted inode
From: Greg Kroah-Hartman
Date: Mon Feb 11 2019 - 10:08:16 EST
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
[ Upstream commit d288d95842f1503414b7eebce3773bac3390457e ]
When inode is corrupted so that extent type is invalid, some functions
(such as udf_truncate_extents()) will just BUG. Check that extent type
is valid when loading the inode to memory.
Reported-by: Anatoly Trosinenko <anatoly.trosinenko@xxxxxxxxx>
Signed-off-by: Jan Kara <jack@xxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
fs/udf/inode.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/udf/inode.c b/fs/udf/inode.c
index 035943501b9f..fd817022cb9b 100644
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -1372,6 +1372,12 @@ reread:
iinfo->i_alloc_type = le16_to_cpu(fe->icbTag.flags) &
ICBTAG_FLAG_AD_MASK;
+ if (iinfo->i_alloc_type != ICBTAG_FLAG_AD_SHORT &&
+ iinfo->i_alloc_type != ICBTAG_FLAG_AD_LONG &&
+ iinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB) {
+ ret = -EIO;
+ goto out;
+ }
iinfo->i_unique = 0;
iinfo->i_lenEAttr = 0;
iinfo->i_lenExtents = 0;
--
2.19.1