MFC of 329749.

Fix a read past the end of a buffer in fsck.
author: mckusick <mckusick@FreeBSD.org> 2018-02-23 22:23:28 +0000
committer: mckusick <mckusick@FreeBSD.org> 2018-02-23 22:23:28 +0000
commit: 7e11f0c9e0a5a1c72517731fac5d055d3e210368 (patch)
tree: ee63bc555f8f1dbadbee684ca2da97c8846aa0e9
parent: 7cc8f4530111ec4a22a0602cb12e7336b5165f7a (diff)
download: FreeBSD-src-7e11f0c9e0a5a1c72517731fac5d055d3e210368.zip
FreeBSD-src-7e11f0c9e0a5a1c72517731fac5d055d3e210368.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sbin/fsck_ffs/inode.c b/sbin/fsck_ffs/inode.c
index c72e1be..d13c5b2 100644
--- a/sbin/fsck_ffs/inode.c
+++ b/sbin/fsck_ffs/inode.c
@@ -451,8 +451,10 @@ cacheino(union dinode *dp, ino_t inumber)
 
 	if (howmany(DIP(dp, di_size), sblock.fs_bsize) > NDADDR)
 		blks = NDADDR + NIADDR;
-	else
+	else if (DIP(dp, di_size) > 0)
 		blks = howmany(DIP(dp, di_size), sblock.fs_bsize);
+	else
+		blks = 1;
 	inp = (struct inoinfo *)
 		Malloc(sizeof(*inp) + (blks - 1) * sizeof(ufs2_daddr_t));
 	if (inp == NULL)
author	mckusick <mckusick@FreeBSD.org>	2018-02-23 22:23:28 +0000
committer	mckusick <mckusick@FreeBSD.org>	2018-02-23 22:23:28 +0000
commit	7e11f0c9e0a5a1c72517731fac5d055d3e210368 (patch)
tree	ee63bc555f8f1dbadbee684ca2da97c8846aa0e9
parent	7cc8f4530111ec4a22a0602cb12e7336b5165f7a (diff)
download	FreeBSD-src-7e11f0c9e0a5a1c72517731fac5d055d3e210368.zip FreeBSD-src-7e11f0c9e0a5a1c72517731fac5d055d3e210368.tar.gz