Re: [PATCH] ubifs: Fix potentially out-of-bounds memory access in ubifs_dump_node

From: Richard Weinberger
Date: Mon Jan 13 2020 - 02:54:13 EST


----- Original Message -----
> Problems with storage devices are indeed a problem, but because the wrong
> "ch->len" causes the kernel to crash, this cost is too heavy. We should
> avoid kernel crashes due to such errors.
>
>
> Although a crc error was found in "ubifs_check_node", it is difficult to
> simply judge whether "ch->len" is reasonable, so I think we only need to know
> the _location_ of the error data node, and it is not necessary to present its
> contents together.

What we can try is optionally passing the buffer length to ubifs_dump_node().
If crc is bad but ch->len is within bounds we can still safely dump.

Thanks,
//richard
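
The bounds check suggested in the reply above, as an added userspace sketch that is not part of the original message or of the UBIFS code. The header size (24 bytes), the offset of the `len` field (16) and the names `dump_bounds` and `demo_safe_len` are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified common-header layout for this sketch (not kernel code). */
#define CH_SZ      24u  /* assumed common header size in bytes */
#define CH_LEN_OFF 16u  /* assumed offset of the little-endian 32-bit len field */

enum dump_scope { DUMP_NOTHING, DUMP_HEADER_ONLY, DUMP_FULL };

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decide how much of a node may be read, given the valid bytes in buf. */
enum dump_scope dump_bounds(const uint8_t *buf, size_t buf_len, size_t *safe_len)
{
    uint32_t len;
    *safe_len = 0;
    if (buf == NULL || buf_len < CH_SZ)
        return DUMP_NOTHING;            /* not even a full header to trust */
    len = read_le32(buf + CH_LEN_OFF);
    if (len < CH_SZ || len > buf_len) {
        *safe_len = CH_SZ;              /* len is implausible: header only */
        return DUMP_HEADER_ONLY;
    }
    *safe_len = len;                    /* len fits: whole node is readable */
    return DUMP_FULL;
}

/* Constructed sample: a 64-byte buffer whose header claims claimed_len bytes. */
size_t demo_safe_len(uint32_t claimed_len, size_t buf_len)
{
    uint8_t buf[64] = {0};
    size_t safe = 0;

    for (int i = 0; i < 4; i++)
        buf[CH_LEN_OFF + i] = (uint8_t)(claimed_len >> (8 * i));
    dump_bounds(buf, buf_len > sizeof(buf) ? sizeof(buf) : buf_len, &safe);
    return safe;
}

int main(void)
{
    printf("len=48: %zu, len=0xffffffff: %zu\n", demo_safe_len(48, 64), demo_safe_len(0xffffffffu, 64));
    return 0;
}
```

The decision depends only on the caller-supplied buffer length, so a node with a bad CRC is still dumped in full when its `len` fits, and is reduced to the header when it does not.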