diff options
author | mckusick <mckusick@FreeBSD.org> | 2018-02-23 22:23:28 +0000 |
---|---|---|
committer | mckusick <mckusick@FreeBSD.org> | 2018-02-23 22:23:28 +0000 |
commit | 7e11f0c9e0a5a1c72517731fac5d055d3e210368 (patch) | |
tree | ee63bc555f8f1dbadbee684ca2da97c8846aa0e9 | |
parent | 7cc8f4530111ec4a22a0602cb12e7336b5165f7a (diff) | |
download | FreeBSD-src-7e11f0c9e0a5a1c72517731fac5d055d3e210368.zip FreeBSD-src-7e11f0c9e0a5a1c72517731fac5d055d3e210368.tar.gz |
MFC of 329749.
Fix a read past the end of a buffer in fsck.
-rw-r--r-- | sbin/fsck_ffs/inode.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sbin/fsck_ffs/inode.c b/sbin/fsck_ffs/inode.c index c72e1be..d13c5b2 100644 --- a/sbin/fsck_ffs/inode.c +++ b/sbin/fsck_ffs/inode.c @@ -451,8 +451,10 @@ cacheino(union dinode *dp, ino_t inumber) if (howmany(DIP(dp, di_size), sblock.fs_bsize) > NDADDR) blks = NDADDR + NIADDR; - else + else if (DIP(dp, di_size) > 0) blks = howmany(DIP(dp, di_size), sblock.fs_bsize); + else + blks = 1; inp = (struct inoinfo *) Malloc(sizeof(*inp) + (blks - 1) * sizeof(ufs2_daddr_t)); if (inp == NULL) |