udf: Verify partition map count (1a112016) · Commits · git / linux-net

fs/udf/super.c

+11 −2

Original line number	Diff line number	Diff line
		@@ -1440,7 +1440,7 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block,
		struct genericPartitionMap *gpm;
		uint16_t ident;
		struct buffer_head *bh;
		unsigned int table_len;
		unsigned int table_len, part_map_count;
		int ret;

		bh = udf_read_tagged(sb, block, block, &ident);
		@@ -1461,7 +1461,16 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block,
		"logical volume");
		if (ret)
		goto out_bh;
		ret = udf_sb_alloc_partition_maps(sb, le32_to_cpu(lvd->numPartitionMaps));

		part_map_count = le32_to_cpu(lvd->numPartitionMaps);
		if (part_map_count > table_len / sizeof(struct genericPartitionMap1)) {
		udf_err(sb, "error loading logical volume descriptor: "
		"Too many partition maps (%u > %u)\n", part_map_count,
		table_len / (unsigned)sizeof(struct genericPartitionMap1));
		ret = -EIO;
		goto out_bh;
		}
		ret = udf_sb_alloc_partition_maps(sb, part_map_count);
		if (ret)
		goto out_bh;