Commit fad376f

Liu Shixin via Jfs-discussion authored and kleikamp committed
fs/jfs: fix shift exponent db_agl2size negative
As a shift exponent, db_agl2size can not be less than 0. Add the missing
check to fix the shift-out-of-bounds bug reported by syzkaller:

 UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:2227:15
 shift exponent -744642816 is negative

Reported-by: [email protected]
Fixes: 1da177e ("Linux-2.6.12-rc2")
Signed-off-by: Liu Shixin <[email protected]>
Signed-off-by: Dave Kleikamp <[email protected]>
1 parent 69b41ac commit fad376f

1 file changed, +2 -1 lines changed
fs/jfs/jfs_dmap.c

Lines changed: 2 additions & 1 deletion
@@ -193,7 +193,8 @@ int dbMount(struct inode *ipbmap)
193193
bmp->db_agwidth = le32_to_cpu(dbmp_le->dn_agwidth);
194194
bmp->db_agstart = le32_to_cpu(dbmp_le->dn_agstart);
195195
bmp->db_agl2size = le32_to_cpu(dbmp_le->dn_agl2size);
196-
if (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) {
196+
if (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG ||
197+
bmp->db_agl2size < 0) {
197198
err = -EINVAL;
198199
goto err_release_metapage;
199200
}
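
Review bot: the added `bmp->db_agl2size < 0` test has an effect only because db_agl2size is a signed field receiving the unsigned result of le32_to_cpu(), and nothing in the condition makes that visible. The value is read directly from the on-disk structure (dbmp_le) and, per the commit message, is used as a shift exponent, so a short comment above the `if` stating that the field is untrusted and must lie in 0..L2MAXL2SIZE - L2MAXAG would keep a later type change or cleanup from dropping the lower bound as dead code. Putting the `< 0` test first would also make the range read in order. db_agwidth and db_agstart are loaded from the same structure just above with no check in the lines shown, so it is worth confirming they are validated elsewhere in dbMount().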
