linux-stable-rt/fs
Phillip Lougher 8bb0269160 [PATCH] corrupted cramfs filesystems cause kernel oops
Steve Grubb's fsfuzzer tool
(http://people.redhat.com/sgrubb/files/fsfuzzer-0.6.tar.gz) generates
corrupt Cramfs filesystems which cause
Cramfs to kernel oops in cramfs_uncompress_block().  The cause of the oops
is an unchecked corrupted block length field read by cramfs_readpage().

This patch adds a sanity check to cramfs_readpage() which checks that the
block length field is sensible.  The (PAGE_CACHE_SIZE << 1) size check is
intentional: even though the uncompressed data is not going to be larger
than PAGE_CACHE_SIZE, gzip sometimes generates compressed data larger than
the original source data.  Mkcramfs checks that the compressed size is
always less than or equal to PAGE_CACHE_SIZE << 1.  Of course Cramfs could
use the original uncompressed data in this case, but it doesn't.

Signed-off-by: Phillip Lougher <phillip@lougher.org.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-07 08:39:36 -08:00
..
9p [PATCH] Function v9fs_get_idpool returns int, not u32 as called twice in fs/9p/vfs_inode.c 2006-12-07 08:39:33 -08:00
adfs [PATCH] fs/*: trivial vsnprintf() conversion 2006-12-07 08:39:35 -08:00
affs [PATCH] fs/*: trivial vsnprintf() conversion 2006-12-07 08:39:35 -08:00
afs [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
autofs [PATCH] autofs4: panic after mount fail 2006-11-14 09:09:27 -08:00
autofs4 [PATCH] autofs4: panic after mount fail 2006-11-14 09:09:27 -08:00
befs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
bfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
cifs [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
coda [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
configfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
cramfs [PATCH] corrupted cramfs filesystems cause kernel oops 2006-12-07 08:39:36 -08:00
debugfs [PATCH] debugfs: add header file 2006-11-25 13:28:33 -08:00
devpts
dlm [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
ecryptfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
efs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
exportfs
ext2 [PATCH] Remove superfluous lock_super() in extN xattr code 2006-12-07 08:39:32 -08:00
ext3 [PATCH] ext3: uninline large functions 2006-12-07 08:39:35 -08:00
ext4 [PATCH] ext4: uninline large functions 2006-12-07 08:39:35 -08:00
fat [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
freevxfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
fuse [PATCH] fuse: fix compile without CONFIG_BLOCK 2006-12-07 08:39:32 -08:00
gfs2 [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
hfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
hfsplus [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
hostfs
hpfs [PATCH] hpfs: fix printk format warnings 2006-12-07 08:39:35 -08:00
hppfs [PATCH] hppfs: readdir callback missed in prototype change 2006-10-09 14:19:08 -07:00
hugetlbfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
isofs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
jbd [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
jbd2 [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
jffs [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
jffs2 [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
jfs [PATCH] fs/*: trivial vsnprintf() conversion 2006-12-07 08:39:35 -08:00
lockd [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
minix [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
msdos [PATCH] fat: add fat_getattr() 2006-11-16 11:43:38 -08:00
ncpfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
nfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
nfs_common [PATCH] nfs_common endianness annotations 2006-10-20 10:26:41 -07:00
nfsd [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
nls
ntfs [PATCH] slab: remove SLAB_NOFS 2006-12-07 08:39:23 -08:00
ocfs2 [PATCH] fs/*: trivial vsnprintf() conversion 2006-12-07 08:39:35 -08:00
openpromfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
partitions [PATCH] Fix check_partition routines 2006-12-07 08:39:30 -08:00
proc [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
qnx4 [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
ramfs
reiserfs [PATCH] fix reiserfs bad path release panic 2006-12-07 08:39:32 -08:00
romfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
smbfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
sysfs [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
sysv [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
udf [PATCH] fs/*: trivial vsnprintf() conversion 2006-12-07 08:39:35 -08:00
ufs [PATCH] fs/*: trivial vsnprintf() conversion 2006-12-07 08:39:35 -08:00
vfat [PATCH] fat: add fat_getattr() 2006-11-16 11:43:38 -08:00
xfs [PATCH] Use freezeable workqueues in XFS 2006-12-07 08:39:29 -08:00
Kconfig Fix typos in doc and comments 2006-11-30 05:32:19 +01:00
Kconfig.binfmt
Makefile [PATCH] jbd2: enable building of jbd2 and have ext4 use it rather than jbd 2006-10-11 11:14:16 -07:00
aio.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf.c [PATCH] binfmt: fix uaccess handling 2006-12-07 08:39:33 -08:00
binfmt_elf_fdpic.c
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
block_dev.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
buffer.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
char_dev.c
compat.c [PATCH] compat: fix uaccess handling 2006-12-07 08:39:33 -08:00
compat_ioctl.c [PATCH] compat: fix uaccess handling 2006-12-07 08:39:33 -08:00
dcache.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
dcookies.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
direct-io.c
dnotify.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
dquot.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
drop_caches.c
eventpoll.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
exec.c [PATCH] slab: remove SLAB_KERNEL 2006-12-07 08:39:24 -08:00
fcntl.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
fifo.c
file.c [PATCH] file: kill unnecessary timer in fdtable_defer 2006-12-07 08:39:32 -08:00
file_table.c
filesystems.c
fs-writeback.c
generic_acl.c
inode.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
inotify.c [PATCH] severing fs.h, radix-tree.h -> sched.h 2006-12-04 02:00:24 -05:00
inotify_user.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
internal.h
ioctl.c
ioprio.c [PATCH] block layer: ioprio_best function fix 2006-10-12 15:09:51 +02:00
libfs.c
locks.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
mbcache.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
mpage.c
namei.c [PATCH] VFS: extra check inside dentry_unhash() 2006-12-07 08:39:35 -08:00
namespace.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
nfsctl.c
no-block.c
open.c
pipe.c
pnode.c
pnode.h
posix_acl.c
quota.c
quota_v1.c
quota_v2.c
read_write.c
read_write.h
readdir.c
select.c
seq_file.c
splice.c [PATCH] splice: fix problem introduced with inode diet 2006-11-04 08:45:39 -08:00
stat.c [PATCH] vfs_getattr(): remove dead code 2006-12-07 08:39:35 -08:00
super.c [PATCH] severing fs.h, radix-tree.h -> sched.h 2006-12-04 02:00:24 -05:00
sync.c [PATCH] severing fs.h, radix-tree.h -> sched.h 2006-12-04 02:00:24 -05:00
utimes.c [PATCH] severing fs.h, radix-tree.h -> sched.h 2006-12-04 02:00:24 -05:00
xattr.c [PATCH] Fix user.* xattr permission check for sticky dirs 2006-11-03 12:27:59 -08:00
xattr_acl.c