From 6735fd547d3e5784381bdadc977ced7f05e122e7 Mon Sep 17 00:00:00 2001
From: Andrew Morton
Date: Tue, 21 Jun 2005 17:16:50 -0700
Subject: [PATCH] --- yaml --- r: 2555 b: refs/heads/master c: e595447e177b39aa6c96baaa57b30cde2d8b9df7 h: refs/heads/master i: 2553: 0878430a4ee74dfcd1e37c6eb2e1315bbcd10b53 2551: c8b3c19b3b3d1b4051f81750ecd5373385a70d80 v: v3
---
 [refs] | 2 +-
 trunk/fs/isofs/rock.c | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/[refs] b/[refs]
index 337547cd1249..7f4f7d5d3112 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 9eb7f2c67c41d2cd730aedcd23e5baca09211d03
+refs/heads/master: e595447e177b39aa6c96baaa57b30cde2d8b9df7
diff --git a/trunk/fs/isofs/rock.c b/trunk/fs/isofs/rock.c
index 977dd7009c07..9a81830abff8 100644
--- a/trunk/fs/isofs/rock.c
+++ b/trunk/fs/isofs/rock.c
@@ -81,9 +81,22 @@ static void init_rock_state(struct rock_state *rs, struct inode *inode)
 static int rock_continue(struct rock_state *rs)
 {
 int ret = 1;
+ int blocksize = 1 << rs->inode->i_blkbits;
+ const int min_de_size = offsetof(struct rock_ridge, u);
 
 kfree(rs->buffer);
 rs->buffer = NULL;
+
+ if ((unsigned)rs->cont_offset > blocksize - min_de_size ||
+ (unsigned)rs->cont_size > blocksize ||
+ (unsigned)(rs->cont_offset + rs->cont_size) > blocksize) {
+ printk(KERN_NOTICE "rock: corrupted directory entry. "
+ "extent=%d, offset=%d, size=%d\n",
+ rs->cont_extent, rs->cont_offset, rs->cont_size);
+ ret = -EIO;
+ goto out;
+ }
+
 if (rs->cont_extent) {
 struct buffer_head *bh;
 
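Review bot: The new `printk(KERN_NOTICE "rock: corrupted directory entry. " ...)` on the rejection path in rock_continue() does not say which device or inode the bad continuation came from, and it is not rate-limited, so an image with many bad entries can fill the log while giving little to triage with. Consider adding the superblock id and inode number, e.g. `"rock: corrupted directory entry on %s, ino=%lu. "` with `rs->inode->i_sb->s_id, rs->inode->i_ino`, and guarding the call with `if (printk_ratelimit())`. The third clause's signed addition `rs->cont_offset + rs->cont_size` is only overflow-free because the first two clauses have already bounded both fields (presumably `int`, given the `%d` format) to `[0, blocksize]`; a one-line comment saying the clause order matters would protect that. The `out` label and the rest of the function body are outside this hunk, so the cleanup on the `-EIO` path cannot be checked from here.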