Re: [PATCH] jfs: fix missing bounds check in __jfs_setxattr()
From: Jori Koolstra
Date: Thu Apr 16 2026 - 06:16:06 EST
> On 16-04-2026 12:01 CEST, Jori Koolstra <jkoolstra@xxxxxxxxx> wrote:
> > ---
> > fs/jfs/xattr.c | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c
> > index 11d7f74d2..320659bb8 100644
> > --- a/fs/jfs/xattr.c
> > +++ b/fs/jfs/xattr.c
> > @@ -688,8 +688,14 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name,
> > new_size = sizeof (struct jfs_ea_list);
> >
> > if (xattr_size) {
> > - for (ea = FIRST_EA(ealist); ea < END_EALIST(ealist);
> > + struct jfs_ea *ealist_end = END_EALIST(ealist);
> > + for (ea = FIRST_EA(ealist); ea < ealist_end;
> > ea = NEXT_EA(ea)) {
> > + if (unlikely(ea + 1 > ealist_end) ||
>
> What use is this check? How can ea + 1 > ealist_end immediately after
> ea < ealist_end?
>
Maybe I should rephrase this a bit more clearly: does the
unlikely(NEXT_EA(ea) > ealist_end))
already take care of that potential scenario?