[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-7.2.14 28/40] vvfat: Fix wrong checks for cluster mappings invar
From: |
Michael Tokarev |
Subject: |
[Stable-7.2.14 28/40] vvfat: Fix wrong checks for cluster mappings invariant |
Date: |
Fri, 6 Sep 2024 08:16:16 +0300 |
From: Amjad Alsharafi <amjadsharafi10@gmail.com>
How this `abort` was intended to check for was:
- if the `mapping->first_mapping_index` is not the same as
`first_mapping_index`, which **should** happen only in one case,
when we are handling the first mapping, in that case
`mapping->first_mapping_index == -1`, in all other cases, the other
mappings after the first should have the condition `true`.
- From above, we know that this is the first mapping, so if the offset
is not `0`, then abort, since this is an invalid state.
The issue was that `first_mapping_index` is not set if we are
checking from the middle, the variable `first_mapping_index` is
only set if we passed through the check `cluster_was_modified` with the
first mapping, and in the same function call we checked the other
mappings.
One approach is to go into the loop even if `cluster_was_modified`
is not true so that we will be able to set `first_mapping_index` for the
first mapping, but since `first_mapping_index` is only used here,
another approach is to just check manually for the
`mapping->first_mapping_index != -1` since we know that this is the
value for the only entry where `offset == 0` (i.e. first mapping).
Signed-off-by: Amjad Alsharafi <amjadsharafi10@gmail.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID:
<b0fbca3ee208c565885838f6a7deeaeb23f4f9c2.1721470238.git.amjadsharafi10@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit f60a6f7e17bf2a2a0f0a08265ac9b077fce42858)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/block/vvfat.c b/block/vvfat.c
index 3a83ab5af4..1adcc6040f 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -1879,7 +1879,6 @@ static uint32_t
get_cluster_count_for_direntry(BDRVVVFATState* s,
uint32_t cluster_num = begin_of_direntry(direntry);
uint32_t offset = 0;
- int first_mapping_index = -1;
mapping_t* mapping = NULL;
const char* basename2 = NULL;
@@ -1941,14 +1940,9 @@ static uint32_t
get_cluster_count_for_direntry(BDRVVVFATState* s,
if (strcmp(basename, basename2))
copy_it = 1;
- first_mapping_index = array_index(&(s->mapping),
mapping);
- }
-
- if (mapping->first_mapping_index != first_mapping_index
- && mapping->info.file.offset > 0) {
- abort();
- copy_it = 1;
}
+ assert(mapping->first_mapping_index == -1
+ || mapping->info.file.offset > 0);
/* need to write out? */
if (!was_modified && is_file(direntry)) {
--
2.39.2
- [Stable-7.2.14 21/40] hw/arm/mps2-tz.c: fix RX/TX interrupts order, (continued)
- [Stable-7.2.14 21/40] hw/arm/mps2-tz.c: fix RX/TX interrupts order, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 22/40] target/arm: Handle denormals correctly for FMOPA (widening), Michael Tokarev, 2024/09/06
- [Stable-7.2.14 23/40] virtio-net: Ensure queue index fits with RSS, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 24/40] virtio-net: Fix network stall at the host side waiting for kick, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 26/40] vvfat: Fix bug in writing to middle of file, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 25/40] hw/sd/sdhci: Reset @data_count index on invalid ADMA transfers, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 27/40] vvfat: Fix usage of `info.file.offset`, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 32/40] nbd/server: CVE-2024-7409: Cap default max-connections to 100, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 29/40] vvfat: Fix reading files with non-continuous clusters, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 30/40] iotests: Add `vvfat` tests, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 28/40] vvfat: Fix wrong checks for cluster mappings invariant,
Michael Tokarev <=
- [Stable-7.2.14 31/40] nbd/server: Plumb in new args to nbd_client_add(), Michael Tokarev, 2024/09/06
- [Stable-7.2.14 33/40] nbd/server: CVE-2024-7409: Drop non-negotiating clients, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 34/40] nbd/server: CVE-2024-7409: Close stray clients at server-stop, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 35/40] nbd/server: CVE-2024-7409: Avoid use-after-free when closing server, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 36/40] block/blkio: use FUA flag on write zeroes only if supported, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 40/40] hw/core/ptimer: fix timer zero period condition for freq > 1GHz, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 37/40] target/i386: Do not apply REX to MMX operands, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 38/40] module: Prevent crash by resetting local_err in module_load_qom_all(), Michael Tokarev, 2024/09/06
- [Stable-7.2.14 39/40] crypto/tlscredspsk: Free username on finalize, Michael Tokarev, 2024/09/06