On Thu, 20 Mar 2025 15:46:49 +0000, Acs, Jakub wrote:
Mounting a corrupted filesystem with a directory which contains a '.' dir entry with rec_len == block size results in an out-of-bounds read (later on, when the corrupted directory is removed).
ext4_empty_dir() assumes every ext4 directory contains at least '.' and '..' as directory entries in the first data block. It first loads the '.' dir entry, performs sanity checks by calling ext4_check_dir_entry() and then uses its rec_len member to compute the location of the '..' dir entry (in ext4_next_entry). It assumes the '..' dir entry fits into the same data block.
[...]
Applied, thanks!
[1/1] ext4: fix OOB read when checking dotdot dir
      commit: d5e206778e96e8667d3bde695ad372c296dc9353
Best regards,
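
The layout assumption described in the quoted report, as an added userspace example (not the kernel code and not the applied commit): it models a directory block and checks that the '..' entry located via the rec_len of '.' lies inside the block before reading it. The names `put_entry` and `dotdot_in_bounds`, the 1024-byte block size and the sample blocks are constructed for illustration; a little-endian host is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 1024u
#define DIRENT_HDR 8u   /* inode(4) + rec_len(2) + name_len(1) + file_type(1) */
#define MIN_REC    12u  /* header plus a 1- or 2-byte name, rounded up to 4 */

struct dirent_hdr { uint32_t inode; uint16_t rec_len; uint8_t name_len; uint8_t file_type; };

/* Write one directory entry (header + name) at byte offset off. */
static void put_entry(uint8_t *blk, uint32_t off, uint32_t ino,
                      uint16_t rec_len, const char *name)
{
    struct dirent_hdr h = { ino, rec_len, (uint8_t)strlen(name), 2 };
    memcpy(blk + off, &h, DIRENT_HDR);
    memcpy(blk + off + DIRENT_HDR, name, h.name_len);
}

/* Return 1 if '..' follows '.' entirely inside the block, 0 otherwise. */
int dotdot_in_bounds(const uint8_t *blk, uint32_t blk_size)
{
    struct dirent_hdr dot, dd;
    memcpy(&dot, blk, DIRENT_HDR);
    uint32_t off = dot.rec_len;            /* where '..' is expected to start */
    /* Reject before touching blk + off: '..' must fit between off and block end. */
    if (off < MIN_REC || off > blk_size - MIN_REC)
        return 0;
    memcpy(&dd, blk + off, DIRENT_HDR);
    if (dd.rec_len < MIN_REC || off + dd.rec_len > blk_size)
        return 0;
    return dd.name_len == 2 && memcmp(blk + off + DIRENT_HDR, "..", 2) == 0;
}

int main(void)
{
    uint8_t blk[BLOCK_SIZE] = {0};
    put_entry(blk, 0, 2, MIN_REC, ".");
    put_entry(blk, MIN_REC, 2, BLOCK_SIZE - MIN_REC, "..");
    printf("well-formed block:     %d\n", dotdot_in_bounds(blk, BLOCK_SIZE));
    memset(blk, 0, sizeof blk);
    put_entry(blk, 0, 2, BLOCK_SIZE, ".");  /* '.' claims the whole block */
    printf("rec_len == block size: %d\n", dotdot_in_bounds(blk, BLOCK_SIZE));
    return 0;
}
```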