CC-ing n...@nmacleod.com

Michael, thank you for posting the patch.

Neil, does it solve your problem?

Daniel

On Fri, May 17, 2019 at 05:00:19PM +0800, Michael Chang wrote:
> The function grub_get_node_path could return uninitialized offset with
> level == 0 if the block is greater than direct_index + 2*direct_blks +
> 2*indirect_blks + dindirect_blks. The uninitialized offset is then used
> by function grub_f2fs_get_block because level == 0 is valid and
> meaningful return to be processed.
>
> The fix is to set level = -1 as return value by grub_get_node_path to
> signify an error that the input block cannot be handled. Any caller
> should therefore check level is negative or not before processing the
> output.
>
> Reported-by: Neil MacLeod <n...@nmacleod.com>
> Signed-off-by: Michael Chang <mch...@suse.com>
> ---
> grub-core/fs/f2fs.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
> index 644653dbe..bb28b291b 100644
> --- a/grub-core/fs/f2fs.c
> +++ b/grub-core/fs/f2fs.c
> @@ -702,7 +702,7 @@ grub_get_node_path (struct grub_f2fs_inode *inode,
> grub_uint32_t block,
> grub_uint32_t dindirect_blks = indirect_blks * NIDS_PER_BLOCK;
> grub_uint32_t direct_index = DEF_ADDRS_PER_INODE;
> int n = 0;
> - int level = 0;
> + int level = -1;
>
> if (inode->i_inline & F2FS_INLINE_XATTR)
> direct_index -= F2FS_INLINE_XATTR_ADDRS;
> @@ -712,6 +712,7 @@ grub_get_node_path (struct grub_f2fs_inode *inode,
> grub_uint32_t block,
> if (block < direct_index)
> {
> offset[n] = block;
> + level = 0;
> goto got;
> }
>
> @@ -860,6 +861,10 @@ grub_f2fs_get_block (grub_fshelp_node_t node,
> grub_disk_addr_t block_ofs)
> int level, i;
>
> level = grub_get_node_path (inode, block_ofs, offset, noffset);
> +
> + if (level < 0)
> + return -1;
> +
> if (level == 0)
> return grub_le_to_cpu32 (inode->i_addr[offset[0]]);
>
> --
> 2.16.4

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
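Review bot: the first hunk turns `level` into an out-of-band sentinel (`int level = -1;`) while the same variable is still the caller's 0..N tree depth on the success path, but nothing in the hunk records that contract. Suggest a one-line comment next to the initialisation in grub_get_node_path (for example, `/* -1: block is beyond the addressable range, caller must check.  */`) or a note in the function's header comment, so the next person touching the `goto got` paths knows that every path reaching `got` must assign a non-negative level.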
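Review bot: the second hunk only sets `level = 0;` in the `block < direct_index` branch, yet the fix relies on every other branch that jumps to `got` (the direct, indirect and double-indirect cases the commit message enumerates as `2*direct_blks + 2*indirect_blks + dindirect_blks`) already assigning its own level, and none of those branches is visible here. Please confirm in the commit message that those branches set level 1..3 unconditionally, or include them in the diff as context, otherwise a reader cannot verify from the patch alone that `-1` is reachable only for the out-of-range block.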
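Review bot: the third hunk's `return -1;` in grub_f2fs_get_block is not visibly accompanied by a grub_error() call, and the signature shown (`grub_fshelp_node_t node, grub_disk_addr_t block_ofs`) is that of an fshelp read_block callback whose return value is a block address. The fshelp reader checks grub_errno after calling that callback rather than inspecting the returned value for a negative number, so a bare `-1` risks being consumed as an (all-ones) block number; suggest `grub_error (GRUB_ERR_BAD_FS, "...")` before the return so the failure propagates, and a short comment explaining why -1 is the chosen value.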