[PATCH] fat: Fix for invalid cluster sizes
Gedare Bloom
gedare at rtems.org
Thu May 19 22:17:43 UTC 2016
ok
On Thu, May 19, 2016 at 5:55 AM, Sebastian Huber
<sebastian.huber at embedded-brains.de> wrote:
> A cluster size > 32KiB resulted in an infinite loop in
> fat_init_volume_info() due to an integer overflow.
>
> Close #2717.
> ---
> cpukit/libfs/src/dosfs/fat.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/cpukit/libfs/src/dosfs/fat.c b/cpukit/libfs/src/dosfs/fat.c
> index 59f5309..2176ff3 100644
> --- a/cpukit/libfs/src/dosfs/fat.c
> +++ b/cpukit/libfs/src/dosfs/fat.c
> @@ -574,12 +574,14 @@ fat_init_volume_info(fat_fs_info_t *fs_info, const char *device)
> /*
> * "bytes per cluster" value greater than 32K is invalid
> */
> - if ((vol->bpc = vol->bps << vol->spc_log2) > MS_BYTES_PER_CLUSTER_LIMIT)
> + if (vol->bps > (MS_BYTES_PER_CLUSTER_LIMIT >> vol->spc_log2))
> {
> close(vol->fd);
> rtems_set_errno_and_return_minus_one(EINVAL);
> }
>
> + vol->bpc = vol->bps << vol->spc_log2;
> +
> for (vol->bpc_log2 = 0, i = vol->bpc; (i & 1) == 0;
> i >>= 1, vol->bpc_log2++);
>
> --
> 1.8.4.5
>
> _______________________________________________
> devel mailing list
> devel at rtems.org
> http://lists.rtems.org/mailman/listinfo/devel
More information about the devel
mailing list