commit 32c2d2bc4bed61323f14f2a7d69ccbd567253d8a
author Eric Sandeen <esandeen@redhat.com> Wed Sep 27 01:49:36 2006 -0700
committer Linus Torvalds <torvalds@g5.osdl.org> Wed Sep 27 08:26:10 2006 -0700
tree 07b65d42ae5fa3d38ad8832928408dcd4aa31fc6
parent a4e4de36dc446b2193bdc8ebb96a96e44b69dd94

[PATCH] more ext3 16T overflow fixes

Some of the changes in balloc.c are just cosmetic, as Andreas pointed out -
if they overflow they'll then underflow and things are fine.

5th hunk actually fixes an overflow problem.

Also check for potential overflows in inode & block counts when resizing.

Signed-off-by: Eric Sandeen <esandeen@redhat.com>
Cc: Mingming Cao <cmm@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

fs/ext3/resize.c

diff --git a/fs/ext3/resize.c b/fs/ext3/resize.c
index e186f7f..9e318a5 100644
--- a/fs/ext3/resize.c
+++ b/fs/ext3/resize.c
@@ -731,6 +731,18 @@
 		return -EPERM;
 	}
 
+	if (le32_to_cpu(es->s_blocks_count) + input->blocks_count <
+	    le32_to_cpu(es->s_blocks_count)) {
+		ext3_warning(sb, __FUNCTION__, "blocks_count overflow\n");
+		return -EINVAL;
+	}
+
+	if (le32_to_cpu(es->s_inodes_count) + EXT3_INODES_PER_GROUP(sb) <
+	    le32_to_cpu(es->s_inodes_count)) {
+		ext3_warning(sb, __FUNCTION__, "inodes_count overflow\n");
+		return -EINVAL;
+	}
+
 	if (reserved_gdb || gdb_off == 0) {
 		if (!EXT3_HAS_COMPAT_FEATURE(sb,
 					     EXT3_FEATURE_COMPAT_RESIZE_INODE)){
@@ -959,6 +971,11 @@
 
 	add = EXT3_BLOCKS_PER_GROUP(sb) - last;
 
+	if (o_blocks_count + add < o_blocks_count) {
+		ext3_warning(sb, __FUNCTION__, "blocks_count overflow");
+		return -EINVAL;
+	}
+
 	if (o_blocks_count + add > n_blocks_count)
 		add = n_blocks_count - o_blocks_count;