[PATCH] jffs2: bugfix of summary length

chenjie6 at huawei.com chenjie6 at huawei.com
Wed Dec 3 01:01:15 PST 2014


From: chenjie <chenjie6 at huawei.com>

When power is off, the magic of summary is writed but the length not 
so the length is 0xffffffff, sumlen maybe very large. 
The kmalloc() failed  and mount failed.
	
Cc: <stable at vger.kernel.org>
Signed-off-by: Chen Jie <chenjie6 at huawei.com>
---
 fs/jffs2/scan.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
index 7654e87..6187e56 100644
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -510,6 +510,9 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
 				sumlen = c->sector_size - je32_to_cpu(sm->offset);
 				sumptr = buf + buf_size - sumlen;
 
+				if (sumlen > c->sector_size)
+					goto full_scan;
+
 				/* Now, make sure the summary itself is available */
 				if (sumlen > buf_size) {
 					/* Need to kmalloc for this. */
@@ -544,6 +547,7 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
 		}
 	}
 
+full_scan:
 	buf_ofs = jeb->offset;
 
 	if (!buf_size) {
-- 
1.8.0




More information about the linux-mtd mailing list