[PATCH 4.4 122/132] jfs: Fix array index bounds check in dbAdjTree
From: Greg Kroah-Hartman
Date: Mon Dec 28 2020 - 07:58:37 EST
From: Dave Kleikamp <dave.kleikamp@xxxxxxxxxx>
commit c61b3e4839007668360ed8b87d7da96d2e59fc6c upstream.
Bounds checking tools can flag a bug in dbAdjTree() for an array index
out of bounds in dmt_stree. Since dmt_stree can refer to the stree in
both structures dmaptree and dmapctl, use the larger array to eliminate
the false positive.
Signed-off-by: Dave Kleikamp <dave.kleikamp@xxxxxxxxxx>
Reported-by: butt3rflyh4ck <butterflyhuangxx@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/jfs/jfs_dmap.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/jfs/jfs_dmap.h
+++ b/fs/jfs/jfs_dmap.h
@@ -196,7 +196,7 @@ typedef union dmtree {
#define dmt_leafidx t1.leafidx
#define dmt_height t1.height
#define dmt_budmin t1.budmin
-#define dmt_stree t1.stree
+#define dmt_stree t2.stree
/*
* on-disk aggregate disk allocation map descriptor.