Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / a4ed978c4e55ae887f22e026105102b283f2a7d2
commita4ed978c4e55ae887f22e026105102b283f2a7d2[log] [tgz]
authorJan Kara <jack@suse.cz>Tue Jul 10 17:58:04 2012 +0200
committerchrmhoffmann <chrmhoffmann@gmail.com>Sun Apr 05 10:15:49 2020 +0200
tree62d564c35409763795213fcc4d4d4d516095489d
parentf29840e70c3eee7ba62112a1e097cf02b387992d [diff]
udf: Improve table length check to avoid possible overflow

commit 57b9655d01ef057a523e810d29c37ac09b80eead upstream.

When a partition table length is corrupted to be close to 1 << 32, the
check for its length may overflow on 32-bit systems and we will think
the length is valid. Later on the kernel can crash trying to read beyond
end of buffer. Fix the check to avoid possible overflow.

Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 62d564c35409763795213fcc4d4d4d516095489d
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS