From: Yang Chenzhi <yang.chenzhi@xxxxxxxx>
Introduce a helper function hfs_off_and_len_is_valid, which combines
is_bnode_offset_valid and check_and_correct_request_len.
The motivation is that check_and_correct_request_len correcting the
length may force the caller to continue the execution, but the
corrected length might not match the buffer size, this may trigger a
out-of-bounds memory access. In addition, if the bnode is corrupted,
continuing to read data may trigger unknown bugs.
It is still unclear whether there are special cases where the
length must be corrected, so instead of replacing the existing
logic, this helper function is added.
Signed-off-by: Yang Chenzhi <yang.chenzhi@xxxxxxxx>
---
fs/hfs/btree.h | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/fs/hfs/btree.h b/fs/hfs/btree.h
index 0e6baee93245..fb69f66409f4 100644
--- a/fs/hfs/btree.h
+++ b/fs/hfs/btree.h
@@ -170,3 +170,21 @@ struct hfs_btree_header_rec {
max key length. use din catalog
b-tree but not in extents
b-tree (hfsplus). */
+static inline
+bool hfs_off_and_len_is_valid(struct hfs_bnode *node, u16 off, u16 len)
+{
+ bool ret = true;
+ if (off > node->tree->node_size ||
+ off + len > node->tree->node_size)
+ ret = false;
+
+ if (!ret) {
+ pr_err("requested invalid offset: "
+ "NODE: id %u, type %#x, height %u, "
+ "node_size %u, offset %u, length %u\n",
+ node->this, node->type, node->height,
+ node->tree->node_size, off, len);
+ }
+
+ return ret;
+}
--
2.43.0
