fsck.f2fs: fix potential overflow of copying i_name
If i_namelen is corrupted, there may be an overflow when doing memcpy.
Signed-off-by: Sheng Yong <shengyong@oppo.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
diff --git a/fsck/fsck.c b/fsck/fsck.c
index 036a834..ebc60ad 100644
--- a/fsck/fsck.c
+++ b/fsck/fsck.c
@@ -742,8 +742,10 @@
if (ftype == F2FS_FT_DIR) {
f2fs_set_main_bitmap(sbi, ni->blk_addr, CURSEG_HOT_NODE);
- memcpy(child.p_name, node_blk->i.i_name,
- node_blk->i.i_namelen);
+ namelen = le32_to_cpu(node_blk->i.i_namelen);
+ if (namelen > F2FS_NAME_LEN)
+ namelen = F2FS_NAME_LEN;
+ memcpy(child.p_name, node_blk->i.i_name, namelen);
} else {
if (f2fs_test_main_bitmap(sbi, ni->blk_addr) == 0) {
f2fs_set_main_bitmap(sbi, ni->blk_addr,
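Review bot: the clamp at `if (namelen > F2FS_NAME_LEN)` silently truncates rather than reporting the inconsistency; since an i_namelen larger than F2FS_NAME_LEN can only come from a corrupted inode, fsck should surface it (for example with the ASSERT_MSG/FIX_MSG style used elsewhere in fsck.c) so the user knows the on-disk value was bad, and ideally repair i_namelen when fixing is enabled, instead of just copying fewer bytes. Two smaller points: the `namelen` variable is used here but its declaration is not in the hunk, so confirm it was added with a type wide enough for the le32 value; and the old code passed the raw `node_blk->i.i_namelen` to memcpy while the new code goes through `le32_to_cpu()`, which is a separate endianness correction worth one sentence in the commit message. Also verify that `child.p_name` is at least F2FS_NAME_LEN bytes, since the clamp only bounds the copy against that constant, not against the destination size.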