[PATCH 4.9 160/175] jfs: Fix array index bounds check in dbAdjTree

From: Greg Kroah-Hartman
Date: Mon Dec 28 2020 - 11:29:00 EST


From: Dave Kleikamp <dave.kleikamp@xxxxxxxxxx>

commit c61b3e4839007668360ed8b87d7da96d2e59fc6c upstream.

Bounds checking tools can flag a bug in dbAdjTree() for an array index
out of bounds in dmt_stree. Since dmt_stree can refer to the stree in
both structures dmaptree and dmapctl, use the larger array to eliminate
the false positive.

Signed-off-by: Dave Kleikamp <dave.kleikamp@xxxxxxxxxx>
Reported-by: butt3rflyh4ck <butterflyhuangxx@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
fs/jfs/jfs_dmap.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/jfs/jfs_dmap.h
+++ b/fs/jfs/jfs_dmap.h
@@ -196,7 +196,7 @@ typedef union dmtree {
#define dmt_leafidx t1.leafidx
#define dmt_height t1.height
#define dmt_budmin t1.budmin
-#define dmt_stree t1.stree
+#define dmt_stree t2.stree

/*
* on-disk aggregate disk allocation map descriptor.