Skip to content

Commit

Permalink
jfs: Fix array index bounds check in dbAdjTree
Browse files Browse the repository at this point in the history 
Bounds checking tools can flag a bug in dbAdjTree() for an array index
out of bounds in dmt_stree. Since dmt_stree can refer to the stree in
both structures dmaptree and dmapctl, use the larger array to eliminate
the false positive.

Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Reported-by: butt3rflyh4ck <butterflyhuangxx@gmail.com>
(cherry picked from commit c61b3e4)
CVE-2020-27815
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com>
  • Loading branch information
Dave Kleikamp authored and Timo Aaltonen committed Feb 18, 2021
1 parent da9ce88 commit d496a08
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion fs/jfs/jfs_dmap.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,7 @@ typedef union dmtree {
#define dmt_leafidx t1.leafidx
#define dmt_height t1.height
#define dmt_budmin t1.budmin
#define dmt_stree t1.stree
#define dmt_stree t2.stree

/*
* on-disk aggregate disk allocation map descriptor.
Expand Down

0 comments on commit d496a08

Please sign in to comment.