[XFS] Fix oops in xfs_file_readdir()
When xfs_file_readdir() exactly fills a buffer, it can move it's index past the end of the buffer and dereference it even though the result of the dereference is never used. On some platforms this causes an oops. SGI-PV: 976923 SGI-Modid: xfs-linux-melb:xfs-kern:30458a Signed-off-by: David Chinner <dgc@sgi.com> Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
This commit is contained in:
parent
cbc89dcfd2
commit
450790a2c5
|
@ -350,8 +350,8 @@ xfs_file_readdir(
|
|||
|
||||
size = buf.used;
|
||||
de = (struct hack_dirent *)buf.dirent;
|
||||
curr_offset = de->offset /* & 0x7fffffff */;
|
||||
while (size > 0) {
|
||||
curr_offset = de->offset /* & 0x7fffffff */;
|
||||
if (filldir(dirent, de->name, de->namlen,
|
||||
curr_offset & 0x7fffffff,
|
||||
de->ino, de->d_type)) {
|
||||
|
@ -362,7 +362,6 @@ xfs_file_readdir(
|
|||
sizeof(u64));
|
||||
size -= reclen;
|
||||
de = (struct hack_dirent *)((char *)de + reclen);
|
||||
curr_offset = de->offset /* & 0x7fffffff */;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue