From: Dave Kleikamp <dave.kleikamp@oracle.com>

mainline inclusion
from mainline-v5.11
commit c61b3e4839007668360ed8b87d7da96d2e59fc6c
category: bugfix
bugzilla: NA
CVE: CVE-2020-27815
--------------------------------
Bounds checking tools can flag a bug in dbAdjTree() for an array index out of bounds in dmt_stree. Since dmt_stree can refer to the stree in both structures dmaptree and dmapctl, use the larger array to eliminate the false positive.
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Reported-by: butt3rflyh4ck <butterflyhuangxx@gmail.com>
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 fs/jfs/jfs_dmap.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/jfs/jfs_dmap.h b/fs/jfs/jfs_dmap.h index 562b9a7e4311..f502a15c6c98 100644 --- a/fs/jfs/jfs_dmap.h +++ b/fs/jfs/jfs_dmap.h @@ -196,7 +196,7 @@ typedef union dmtree { #define dmt_leafidx t1.leafidx #define dmt_height t1.height #define dmt_budmin t1.budmin -#define dmt_stree t1.stree +#define dmt_stree t2.stree
/* * on-disk aggregate disk allocation map descriptor.
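Review bot: The redefined `dmt_stree` in fs/jfs/jfs_dmap.h is now the only accessor in this group that goes through `t2`, while `dmt_leafidx`, `dmt_height` and `dmt_budmin` still go through `t1`, and nothing in the header says why. Please add a comment above `#define dmt_stree t2.stree` stating that the larger of the two stree arrays is named on purpose so that bounds checking tools accept indices valid for either structure; otherwise a later cleanup may switch it back to `t1`. The macro now also relies on `stree` sitting at the same offset in both union members, and a build-time check on the two offsets would make that assumption explicit. Separately, the change only alters which array's size the tools compare against and adds no index validation in dbAdjTree() itself, so an index that is out of range for the smaller tree but within the larger one would no longer be flagged. If that index can be derived from on-disk data, a range check in dbAdjTree() is worth a follow-up patch.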