diff options
| author | Eric Sandeen <esandeen@redhat.com> | 2006-08-30 02:16:55 -0400 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2006-08-30 02:16:55 -0400 |
| commit | 5830d6be9c33e23bb20c339036083e6e4fa6795e (patch) | |
| tree | e896bdb9499e533e0a89d11d7f652ab4bd32ffea | |
| parent | 57d7bb7b087d93d67623e260c1380afed1665e24 (diff) | |
| download | e2fsprogs-5830d6be9c33e23bb20c339036083e6e4fa6795e.tar.gz | |
Detect overflows in loop counters
For loops such as:
for (i=1; i <= fs->super->s_blocks_count; i++) {
<do_stuff>
}
if i is an int and s_blocks_count is (2^32-1), the condition is never false.
Change these loops to:
for (i=1; i <= fs->super->s_blocks_count && i > 0; i++) {
<do_stuff>
}
to stop the loop when we overflow i
Signed-off-by: Eric Sandeen <esandeen@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
| -rw-r--r-- | e2fsck/ChangeLog | 6 | ||||
| -rw-r--r-- | e2fsck/pass4.c | 5 | ||||
| -rw-r--r-- | e2fsck/pass5.c | 13 | ||||
| -rw-r--r-- | lib/ext2fs/ChangeLog | 3 | ||||
| -rw-r--r-- | lib/ext2fs/bitmaps.c | 5 | ||||
| -rw-r--r-- | resize/ChangeLog | 4 | ||||
| -rw-r--r-- | resize/resize2fs.c | 4 |
7 files changed, 31 insertions, 9 deletions
diff --git a/e2fsck/ChangeLog b/e2fsck/ChangeLog index a14563cb..208b7efd 100644 --- a/e2fsck/ChangeLog +++ b/e2fsck/ChangeLog @@ -1,3 +1,9 @@ +2006-08-30 Theodore Tso <tytso@mit.edu> + + * pass5.c (check_inode_bitmaps, check_inode_end, check_block_end): + * pass4.c (e2fsck_pass4): Fix potential overflow problems when the + number of blocks is close to 2**31. + 2006-08-29 Theodore Tso <tytso@mit.edu> * super.c (release_inode_blocks): Fix silly spelling error. diff --git a/e2fsck/pass4.c b/e2fsck/pass4.c index 985e8f6d..0f92da0d 100644 --- a/e2fsck/pass4.c +++ b/e2fsck/pass4.c @@ -110,8 +110,9 @@ void e2fsck_pass4(e2fsck_t ctx) if (ctx->progress) if ((ctx->progress)(ctx, 4, 0, maxgroup)) return; - - for (i=1; i <= fs->super->s_inodes_count; i++) { + + /* Protect loop from wrap-around if s_inodes_count maxed */ + for (i=1; i <= fs->super->s_inodes_count && i > 0; i++) { if (ctx->flags & E2F_FLAG_SIGNAL_MASK) return; if ((i % fs->super->s_inodes_per_group) == 0) { diff --git a/e2fsck/pass5.c b/e2fsck/pass5.c index eb3ebf02..7467854d 100644 --- a/e2fsck/pass5.c +++ b/e2fsck/pass5.c @@ -370,7 +370,8 @@ redo_counts: EXT2_BG_INODE_UNINIT)) skip_group++; - for (i = 1; i <= fs->super->s_inodes_count; i++) { + /* Protect loop from wrap-around if inodes_count is maxed */ + for (i = 1; i <= fs->super->s_inodes_count && i > 0; i++) { actual = ext2fs_fast_test_inode_bitmap(ctx->inode_used_map, i); if (skip_group) bitmap = 0; @@ -528,8 +529,9 @@ static void check_inode_end(e2fsck_t ctx) } if (save_inodes_count == end) return; - - for (i = save_inodes_count + 1; i <= end; i++) { + + /* protect loop from wrap-around if end is maxed */ + for (i = save_inodes_count + 1; i <= end && i > save_inodes_count; i++) { if (!ext2fs_test_inode_bitmap(fs->inode_map, i)) { if (fix_problem(ctx, PR_5_INODE_BMAP_PADDING, &pctx)) { for (i = save_inodes_count + 1; i <= end; i++) @@ -572,8 +574,9 @@ static void check_block_end(e2fsck_t ctx) } if (save_blocks_count == end) return; - - for (i = save_blocks_count + 1; i <= end; i++) { + + /* Protect loop from wrap-around if end is maxed */ + for (i = save_blocks_count + 1; i <= end && i > save_blocks_count; i++) { if (!ext2fs_test_block_bitmap(fs->block_map, i)) { if (fix_problem(ctx, PR_5_BLOCK_BMAP_PADDING, &pctx)) { for (i = save_blocks_count + 1; i <= end; i++) diff --git a/lib/ext2fs/ChangeLog b/lib/ext2fs/ChangeLog index 6a2c8bdf..672a0ee4 100644 --- a/lib/ext2fs/ChangeLog +++ b/lib/ext2fs/ChangeLog @@ -1,5 +1,8 @@ 2006-08-30 Theodore Tso <tytso@mit.edu> + * bitmaps.c (ext2fs_set_bitmap_padding): Fix potential overflow + problems when the number of blocks is close to 2**31. + * ext2fs.h (ext2fs_div_ceil): Add new function which safely calculates an integer division where the result is always rounded up while avoiding overflow errors. diff --git a/lib/ext2fs/bitmaps.c b/lib/ext2fs/bitmaps.c index 7edd28d7..696baad3 100644 --- a/lib/ext2fs/bitmaps.c +++ b/lib/ext2fs/bitmaps.c @@ -102,7 +102,10 @@ void ext2fs_set_bitmap_padding(ext2fs_generic_bitmap map) { __u32 i, j; - for (i=map->end+1, j = i - map->start; i <= map->real_end; i++, j++) + /* Protect loop from wrap-around if map->real_end is maxed */ + for (i=map->end+1, j = i - map->start; + i <= map->real_end && i > map->end; + i++, j++) ext2fs_set_bit(j, map->bitmap); return; diff --git a/resize/ChangeLog b/resize/ChangeLog index 32f116bc..dea9ba62 100644 --- a/resize/ChangeLog +++ b/resize/ChangeLog @@ -1,5 +1,9 @@ 2006-08-30 Theodore Tso <tytso@mit.edu> + * resize2fs.c (ext2fs_calculate_summary_stats): Fix potential + overflow problems when the number of blocks is close to + 2**31. + * resize2fs.c (adjust_fs_info): Use ext2fs_div_ceil() instead of a using an open-coded expression which was subject to overflows. diff --git a/resize/resize2fs.c b/resize/resize2fs.c index f6c3ede8..74b517b7 100644 --- a/resize/resize2fs.c +++ b/resize/resize2fs.c @@ -1582,7 +1582,9 @@ static errcode_t ext2fs_calculate_summary_stats(ext2_filsys fs) total_free = 0; count = 0; group = 0; - for (ino = 1; ino <= fs->super->s_inodes_count; ino++) { + + /* Protect loop from wrap-around if s_inodes_count maxed */ + for (ino = 1; ino <= fs->super->s_inodes_count && ino > 0; ino++) { if (!ext2fs_fast_test_inode_bitmap(fs->inode_map, ino)) { group_free++; total_free++; |