Commit cca974da authored by Manas Ghandat, committed by Dave Kleikamp

jfs: fix shift-out-of-bounds in dbJoin



Currently, while joining the leaf in a buddy system, there is a shift-out-of-bounds error in the calculation of BUDSIZE. Added the required check to the BUDSIZE and fixed the documentation as well.

Reported-by: <syzbot+411debe54d318eaed386@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=411debe54d318eaed386


Signed-off-by: Manas Ghandat <ghandatmanas@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
parent e0e1958f
@@ -2763,7 +2763,9 @@ static int dbBackSplit(dmtree_t *tp, int leafno, bool is_ctl)
 *	leafno	- the number of the leaf to be updated.
 *	newval	- the new value for the leaf.
 *
 * RETURN VALUES: none
 * RETURN VALUES:
 *  0		- success
 *	-EIO	- i/o error
 */
static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl)
{
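Review bot: the new RETURN VALUES block mixes whitespace styles: the "0 - success" line is indented with spaces while the "-EIO - i/o error" line below it uses a tab, so the two entries do not line up the way the parameter list above them does; use the same tab indentation for both. The description "i/o error" also undersells the new failure case, since the only place dbJoin now returns -EIO is the bounds check on newval in the second hunk, which signals a corrupt or out-of-range leaf value rather than a failed read; something like "-EIO - corrupt dmap tree (newval out of range)" would tell a caller what actually went wrong.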
@@ -2790,6 +2792,10 @@ static int dbJoin(dmtree_t *tp, int leafno, int newval, bool is_ctl)
		 * get the buddy size (number of words covered) of
		 * the new value.
		 */

		if ((newval - tp->dmt_budmin) > BUDMIN)
			return -EIO;

		budsz = BUDSIZE(newval, tp->dmt_budmin);

		/* try to join.
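Review bot: the new guard is inserted between the comment that describes the BUDSIZE computation ("get the buddy size ... of the new value") and the computation itself, separated from both by blank lines, and it carries no comment of its own; a reader will not see why BUDMIN is the right upper bound for (newval - tp->dmt_budmin) or why exceeding it is treated as corruption. Suggest a one-line comment tying the limit to the shift width BUDSIZE performs, e.g. "/* a difference larger than BUDMIN would overflow the shift in BUDSIZE; the on-disk tree is corrupt */", and placing the check directly after that comment. The guard is also only an upper bound: nothing in the visible context shows that newval < tp->dmt_budmin is excluded before this point, and a negative difference would pass this check and still reach BUDSIZE, so either confirm that the earlier condition in dbJoin already rejects that case or make the check two-sided.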