fat32 possible oops when fs is corrupted

Alexander V. Lukyanov (lav@long.yar.ru)
Wed, 25 Mar 1998 13:33:02 +0300

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andreas Schwab: "Re: c++ module support?"
Previous message: Jakob Borg: "proclaimed kernel networking bug"

It is the following code in fs/fat/inode.c:

MSDOS_SB(sb)->fsinfo_offset =
CF_LE_W(b->info_sector) * logical_sector_size + 0x1e0;
fsinfo = (struct fat_boot_fsinfo *)
&bh->b_data[MSDOS_SB(sb)->fsinfo_offset];

When fs is corrupted, fsinfo_offset can be too large and lead to
reference to invalid memory.

Alexander.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Andreas Schwab: "Re: c++ module support?"
Previous message: Jakob Borg: "proclaimed kernel networking bug"