[JFFS2] Fix buffer length calculations in jffs2_get_inode_nodes()

Linux-MTD Mailing List linux-mtd at lists.infradead.org
Fri Jun 1 08:59:01 EDT 2007 

Gitweb:     http://git.infradead.org/?p=mtd-2.6.git;a=commit;h=ea55d30798ac206c9f584ac264b6b8eb093d237a
Commit:     ea55d30798ac206c9f584ac264b6b8eb093d237a
Parent:     2ad8ee713566671875216ebcec64f2eda47bd19d
Author:     Artem Bityutskiy <Artem.Bityutskiy at nokia.com>
AuthorDate: Wed May 30 12:08:14 2007 +0300
Committer:  David Woodhouse <dwmw2 at infradead.org>
CommitDate: Fri Jun 1 13:20:29 2007 +0100

    [JFFS2] Fix buffer length calculations in jffs2_get_inode_nodes()
    
    If we have already read enough bytes, no need to call read_more().
    
    Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy at nokia.com>
    Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
---
 fs/jffs2/readinode.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/fs/jffs2/readinode.c b/fs/jffs2/readinode.c
index 4884d5e..5663e8c 100644
--- a/fs/jffs2/readinode.c
+++ b/fs/jffs2/readinode.c
@@ -1044,7 +1044,8 @@ static int jffs2_get_inode_nodes(struct jffs2_sb_info *c, struct jffs2_inode_inf
 
 		case JFFS2_NODETYPE_DIRENT:
 
-			if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_raw_dirent)) {
+			if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_raw_dirent) &&
+			    len < sizeof(struct jffs2_raw_dirent)) {
 				err = read_more(c, ref, sizeof(struct jffs2_raw_dirent), &len, buf);
 				if (unlikely(err))
 					goto free_out;
@@ -1058,7 +1059,8 @@ static int jffs2_get_inode_nodes(struct jffs2_sb_info *c, struct jffs2_inode_inf
 
 		case JFFS2_NODETYPE_INODE:
 
-			if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_raw_inode)) {
+			if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_raw_inode) &&
+			    len < sizeof(struct jffs2_raw_inode)) {
 				err = read_more(c, ref, sizeof(struct jffs2_raw_inode), &len, buf);
 				if (unlikely(err))
 					goto free_out;
@@ -1071,7 +1073,8 @@ static int jffs2_get_inode_nodes(struct jffs2_sb_info *c, struct jffs2_inode_inf
 			break;
 
 		default:
-			if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_unknown_node)) {
+			if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_unknown_node) &&
+			    len < sizeof(struct jffs2_unknown_node)) {
 				err = read_more(c, ref, sizeof(struct jffs2_unknown_node), &len, buf);
 				if (unlikely(err))
 					goto free_out;

More information about the linux-mtd-cvs mailing list