JFFS2 overflow bug in read_dnode
Victor Gallardo
victorgallardo at yahoo.com
Fri Aug 21 04:45:02 EST 2009
Hi,
I noticed if I compile with CONFIG_PPC_64K_PAGES, I run into the following issue.
******** read_dnode: tn->csize == 0, csize == 65536
******** check_node: tn->csize == 0 <======== BUG_ON assert
Looks like an OVERFLOW bug. Is this correct?
Here is the problem:
fs/jffs2/nodelist.h

    struct jffs2_tmp_dnode_info
    {
        ...
        uint16_t csize;
        ...
    };

fs/jffs2/readinode.c

    static inline int read_dnode(...)
    {
        struct jffs2_tmp_dnode_info *tn;
        uint32_t csize;
        ...
        csize = je32_to_cpu(rd->csize);
        ...
        tn->csize = csize;
    #ifdef DBG_BUG_ON_ASSERT
        /* csize is uint32_t, so print it with %u rather than %d */
        if (tn->csize == 0 && csize != 0) {
            printk("******* %s: tn->csize == 0, csize == %u\n", __func__, csize);
        }
    #endif
        ....
    }
Best Regards,
Victor Gallardo
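The truncation described in the post, reproduced stand-alone as an added example (this is not code from the post or from the JFFS2 sources). The two structs below are constructed stand-ins for the 32-bit on-flash csize and the 16-bit in-memory csize; narrow_csize() performs the same implicit uint32_t to uint16_t conversion as the `tn->csize = csize;` line, truncation_detected() is the post's `tn->csize == 0 && csize != 0` condition, and store_csize_checked() is a hypothetical range-checked alternative. It also goes slightly beyond the post: the `== 0` check only fires when the value is an exact multiple of 65536, so 65537 narrows to 1 and passes silently, whereas a range check against UINT16_MAX rejects every value that does not fit.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the two fields in the post: the raw node
 * carries a 32-bit csize, the temporary dnode info only a 16-bit one. */
struct raw_node_like { uint32_t csize; };
struct tmp_dnode_like { uint16_t csize; };

/* Same narrowing assignment as in read_dnode(): the value is kept
 * modulo 2^16, so 65536 (a 64K page) silently becomes 0. */
static uint16_t narrow_csize(uint32_t csize)
{
    struct tmp_dnode_like tn;
    tn.csize = csize;   /* implicit uint32_t -> uint16_t conversion */
    return tn.csize;
}

/* The post's debug condition: reports truncation only when the
 * narrowed value happens to be exactly 0. */
static int truncation_detected(uint32_t csize)
{
    return narrow_csize(csize) == 0 && csize != 0;
}

/* Hypothetical defensive store: refuse any csize that does not fit the
 * 16-bit field instead of letting the conversion wrap. Returns 0 on
 * success, -1 if the value was rejected (tn is left untouched). */
static int store_csize_checked(struct tmp_dnode_like *tn, uint32_t csize)
{
    if (csize > UINT16_MAX)
        return -1;
    tn->csize = (uint16_t)csize;
    return 0;
}

int main(void)
{
    /* Constructed sample values: a 4K page, the 16-bit maximum,
     * a 64K page, and 64K + 1. */
    const uint32_t samples[] = { 4096u, 65535u, 65536u, 65537u };
    struct tmp_dnode_like tn;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t csize = samples[i];
        int rc = store_csize_checked(&tn, csize);
        printf("csize=%u narrowed=%u zero_check=%s range_check=%s\n",
               csize, narrow_csize(csize),
               truncation_detected(csize) ? "caught" : "missed",
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Compiled with `cc -Wall -Wextra -Wconversion`, the narrowing assignment in narrow_csize() is also flagged at build time, which is the cheapest place to catch this class of bug.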