aboutsummaryrefslogtreecommitdiffstats
path: root/fs/xfs
diff options
context:
space:
mode:
authorDavid Chinner <dgc@sgi.com>2008-02-06 13:37:40 +1100
committerLachlan McIlroy <lachlan@redback.melbourne.sgi.com>2008-02-07 18:24:13 +1100
commit450790a2c51e6d9d47ed30dbdcf486656b8e186f (patch)
tree4951fb3e7fae21a791fd7c4b161a1d3f0e6dc571 /fs/xfs
parentcbc89dcfd24fd161f7a8e262266177db160a58fb (diff)
downloadkernel_samsung_smdk4412-450790a2c51e6d9d47ed30dbdcf486656b8e186f.zip
kernel_samsung_smdk4412-450790a2c51e6d9d47ed30dbdcf486656b8e186f.tar.gz
kernel_samsung_smdk4412-450790a2c51e6d9d47ed30dbdcf486656b8e186f.tar.bz2
[XFS] Fix oops in xfs_file_readdir()
When xfs_file_readdir() exactly fills a buffer, it can move it's index past the end of the buffer and dereference it even though the result of the dereference is never used. On some platforms this causes an oops. SGI-PV: 976923 SGI-Modid: xfs-linux-melb:xfs-kern:30458a Signed-off-by: David Chinner <dgc@sgi.com> Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Diffstat (limited to 'fs/xfs')
-rw-r--r--fs/xfs/linux-2.6/xfs_file.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/fs/xfs/linux-2.6/xfs_file.c b/fs/xfs/linux-2.6/xfs_file.c
index 21a1c2b..edab1ff 100644
--- a/fs/xfs/linux-2.6/xfs_file.c
+++ b/fs/xfs/linux-2.6/xfs_file.c
@@ -350,8 +350,8 @@ xfs_file_readdir(
size = buf.used;
de = (struct hack_dirent *)buf.dirent;
- curr_offset = de->offset /* & 0x7fffffff */;
while (size > 0) {
+ curr_offset = de->offset /* & 0x7fffffff */;
if (filldir(dirent, de->name, de->namlen,
curr_offset & 0x7fffffff,
de->ino, de->d_type)) {
@@ -362,7 +362,6 @@ xfs_file_readdir(
sizeof(u64));
size -= reclen;
de = (struct hack_dirent *)((char *)de + reclen);
- curr_offset = de->offset /* & 0x7fffffff */;
}
}