@@ -1393,7 +1393,16 @@ int ubifs_jnl_truncate(struct ubifs_info *c, const struct inode *inode,
else if (err)
goto out_free;
else {
- if (le32_to_cpu(dn->size) <= dlen)
+ int dn_len = le32_to_cpu(dn->size);
+
+ if (dn_len <= 0 || dn_len > UBIFS_BLOCK_SIZE) {
+ ubifs_err(c, "bad data node (block %u, inode %lu)",
+ blk, inode->i_ino);
+ ubifs_dump_node(c, dn);
+ goto out_free;
+ }
+
+ if (dn_len <= dlen)
dlen = 0; /* Nothing to do */
else {
err = truncate_data_node(c, inode, blk, dn, &dlen);
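Review bot: The new bad-data-node branch jumps to `out_free` without setting `err`, and `err` is zero at that point because the branch sits in the final `else` after `else if (err) goto out_free;`. If `out_free` returns `err`, as the neighbouring error path suggests, the truncate would report success after logging a corrupt node and abandoning the rest of the operation. Setting an error before the jump, for example `err = -EUCLEAN;` ahead of the added `goto out_free;`, would make the on-media corruption visible to the caller. The `out_free` label and the start of ubifs_jnl_truncate lie outside the hunk, so the return path should be confirmed there.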