diff options
author | David Chinner <dgc@sgi.com> | 2008-02-06 13:37:40 +1100 |
---|---|---|
committer | Lachlan McIlroy <lachlan@redback.melbourne.sgi.com> | 2008-02-07 18:24:13 +1100 |
commit | 450790a2c51e6d9d47ed30dbdcf486656b8e186f (patch) | |
tree | 4951fb3e7fae21a791fd7c4b161a1d3f0e6dc571 /fs/xfs/linux-2.6 | |
parent | cbc89dcfd24fd161f7a8e262266177db160a58fb (diff) | |
download | kernel_samsung_smdk4412-450790a2c51e6d9d47ed30dbdcf486656b8e186f.tar.gz kernel_samsung_smdk4412-450790a2c51e6d9d47ed30dbdcf486656b8e186f.tar.bz2 kernel_samsung_smdk4412-450790a2c51e6d9d47ed30dbdcf486656b8e186f.zip |
[XFS] Fix oops in xfs_file_readdir()
When xfs_file_readdir() exactly fills a buffer, it can move it's index
past the end of the buffer and dereference it even though the result of
the dereference is never used. On some platforms this causes an oops.
SGI-PV: 976923
SGI-Modid: xfs-linux-melb:xfs-kern:30458a
Signed-off-by: David Chinner <dgc@sgi.com>
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Diffstat (limited to 'fs/xfs/linux-2.6')
-rw-r--r-- | fs/xfs/linux-2.6/xfs_file.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/fs/xfs/linux-2.6/xfs_file.c b/fs/xfs/linux-2.6/xfs_file.c index 21a1c2b1c5f..edab1ffbb16 100644 --- a/fs/xfs/linux-2.6/xfs_file.c +++ b/fs/xfs/linux-2.6/xfs_file.c @@ -350,8 +350,8 @@ xfs_file_readdir( size = buf.used; de = (struct hack_dirent *)buf.dirent; - curr_offset = de->offset /* & 0x7fffffff */; while (size > 0) { + curr_offset = de->offset /* & 0x7fffffff */; if (filldir(dirent, de->name, de->namlen, curr_offset & 0x7fffffff, de->ino, de->d_type)) { @@ -362,7 +362,6 @@ xfs_file_readdir( sizeof(u64)); size -= reclen; de = (struct hack_dirent *)((char *)de + reclen); - curr_offset = de->offset /* & 0x7fffffff */; } } |