• Liu Song's avatar
    ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len · acc5af3e
    Liu Song authored
    In “ubifs_check_node”, when the value of "node_len" is abnormal,
    the code will goto label of "out_len" for execution. Then, in the
    following "ubifs_dump_node", if inode type is "UBIFS_DATA_NODE",
    in "print_hex_dump", an out-of-bounds access may occur due to the
    wrong "ch->len".
    Therefore, when the value of "node_len" is abnormal, data length
    should to be adjusted to a reasonable safe range. At this time,
    structured data is not credible, so dump the corrupted data directly
    for analysis.
    Signed-off-by: default avatarLiu Song <liu.song11@zte.com.cn>
    Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
io.c 35.6 KB