From: Jan Kara jack@suse.cz
[ Upstream commit d288d95842f1503414b7eebce3773bac3390457e ]
When inode is corrupted so that extent type is invalid, some functions (such as udf_truncate_extents()) will just BUG. Check that extent type is valid when loading the inode to memory.
Reported-by: Anatoly Trosinenko anatoly.trosinenko@gmail.com Signed-off-by: Jan Kara jack@suse.cz Signed-off-by: Sasha Levin sashal@kernel.org --- fs/udf/inode.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/fs/udf/inode.c b/fs/udf/inode.c index 035943501b9f..fd817022cb9b 100644 --- a/fs/udf/inode.c +++ b/fs/udf/inode.c @@ -1372,6 +1372,12 @@ static int udf_read_inode(struct inode *inode, bool hidden_inode)
iinfo->i_alloc_type = le16_to_cpu(fe->icbTag.flags) & ICBTAG_FLAG_AD_MASK; + if (iinfo->i_alloc_type != ICBTAG_FLAG_AD_SHORT && + iinfo->i_alloc_type != ICBTAG_FLAG_AD_LONG && + iinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB) { + ret = -EIO; + goto out; + } iinfo->i_unique = 0; iinfo->i_lenEAttr = 0; iinfo->i_lenExtents = 0;