Commit a5f5e469 authored by Ghanshyam Agrawal, committed by Dave Kleikamp

jfs: fix shift-out-of-bounds in dbSplit



When dmt_budmin is less than zero, it causes errors
in the later stages. Added a check to return an error beforehand
in dbAllocCtl itself.

Reported-by: <syzbot+b5ca8a249162c4b9a7d0@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=b5ca8a249162c4b9a7d0


Signed-off-by: Ghanshyam Agrawal <ghanshyam1898@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
parent ca84a2c9
+3 −0
@@ -1820,6 +1820,9 @@ dbAllocCtl(struct bmap * bmp, s64 nblocks, int l2nb, s64 blkno, s64 * results)
			return -EIO;
		dp = (struct dmap *) mp->data;

		if (dp->tree.budmin < 0)
			return -EIO;

		/* try to allocate the blocks.
		 */
		rc = dbAllocDmapLev(bmp, dp, (int) nblocks, l2nb, results);
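
Review bot: The new early return at `if (dp->tree.budmin < 0)` leaves dbAllocCtl while `mp` is still held: `dp` was just taken from `mp->data`, and nothing in the visible lines releases `mp` before `return -EIO`. If the code above this hunk obtains `mp` with a reference that the normal path drops after dbAllocDmapLev(), this error path needs the same release first, otherwise each corrupted dmap that trips the check leaks that reference. Since budmin here comes from on-disk data, a log message on this path would also make the resulting -EIO diagnosable. The commit message names the field `dmt_budmin` while the check is written against `dp->tree.budmin`; using one name in both places would make the fix easier to follow.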