From: Sheng Yong shengyong1@huawei.com
commit 720db068634c91553a8e1d9a0fcd8c7050e06d2b upstream.
Dentry bitmap is not enough to detect incorrect dentries. So this patch also checks the namelen value of a dentry.
Signed-off-by: Gong Chen gongchen4@huawei.com Signed-off-by: Sheng Yong shengyong1@huawei.com Reviewed-by: Chao Yu yuchao0@huawei.com Signed-off-by: Jaegeuk Kim jaegeuk@kernel.org Signed-off-by: Ben Hutchings ben.hutchings@codethink.co.uk Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/f2fs/dir.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -808,7 +808,8 @@ int f2fs_fill_dentries(struct dir_contex
/* check memory boundary before moving forward */ bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); - if (unlikely(bit_pos > d->max)) { + if (unlikely(bit_pos > d->max || + le16_to_cpu(de->name_len) > F2FS_NAME_LEN)) { f2fs_msg(sbi->sb, KERN_WARNING, "%s: corrupted namelen=%d, run fsck to fix.", __func__, le16_to_cpu(de->name_len));