[PATCH] ext2/ext3_free_blocks() extra check

From Andreas Dilger. Additional sanity checks in the ext2 and ext3 block allocators: if someone tries to free a negative number of blocks, detect and handle that rather than wrecking the fs.

[PATCH] ext2/ext3_free_blocks() extra check
From Andreas Dilger. Additional sanity checks in the ext2 and ext3 block allocators: if someone tries to free a negative number of blocks, detect and handle that rather than wrecking the fs.
db0d232c · Andrew Morton · Jaroslav Kysela · 344391c7 · db0d232c · db0d232c
Commit db0d232c authored Dec 14, 2002 by Andrew Morton Committed by Jaroslav Kysela Dec 14, 2002
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

fs/ext2/balloc.c fs/ext2/balloc.c +3 -2

fs/ext3/balloc.c fs/ext3/balloc.c +3 -2

No files found.
--- a/fs/ext2/balloc.c
+++ b/fs/ext2/balloc.c
@@ -178,8 +178,9 @@ void ext2_free_blocks (struct inode * inode, unsigned long block,
 	lock_super (sb);
 	es = EXT2_SB(sb)->s_es;
-	if (block < le32_to_cpu(es->s_first_data_block) || 
+	if (block < le32_to_cpu(es->s_first_data_block) ||
-	    (block + count) > le32_to_cpu(es->s_blocks_count)) {
+	    block + count < block ||
+	    block + count > le32_to_cpu(es->s_blocks_count)) {
 		ext2_error (sb, "ext2_free_blocks",
 			    "Freeing blocks not in datazone - "
 			    "block = %lu, count = %lu", block, count);

--- a/fs/ext3/balloc.c
+++ b/fs/ext3/balloc.c
@@ -120,8 +120,9 @@ void ext3_free_blocks (handle_t *handle, struct inode * inode,
 	}
 	lock_super (sb);
 	es = EXT3_SB(sb)->s_es;
-	if (block < le32_to_cpu(es->s_first_data_block) || 
+	if (block < le32_to_cpu(es->s_first_data_block) ||
-	    (block + count) > le32_to_cpu(es->s_blocks_count)) {
+	    block + count < block ||
+	    block + count > le32_to_cpu(es->s_blocks_count)) {
 		ext3_error (sb, "ext3_free_blocks",
 			    "Freeing blocks not in datazone - "
 			    "block = %lu, count = %lu", block, count);