diff options
| author | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2016-05-18 09:17:09 +0200 |
|---|---|---|
| committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2016-05-20 07:50:38 +0200 |
| commit | 452b7f83c43d85505c2027e9ec60454d6e4f6827 (patch) | |
| tree | 29183f96849406458770ca75d040e0d7052fb9d1 | |
| parent | score: Remove the Giant lock (diff) | |
| download | rtems-452b7f83c43d85505c2027e9ec60454d6e4f6827.tar.bz2 | |
fat: Fix for invalid cluster sizes
A cluster size > 32KiB resulted in an infinite loop in
fat_init_volume_info() due to an integer overflow.
Close #2717.
| -rw-r--r-- | cpukit/libfs/src/dosfs/fat.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/cpukit/libfs/src/dosfs/fat.c b/cpukit/libfs/src/dosfs/fat.c index 59f53091ca..2176ff3496 100644 --- a/cpukit/libfs/src/dosfs/fat.c +++ b/cpukit/libfs/src/dosfs/fat.c @@ -574,12 +574,14 @@ fat_init_volume_info(fat_fs_info_t *fs_info, const char *device) /* * "bytes per cluster" value greater than 32K is invalid */ - if ((vol->bpc = vol->bps << vol->spc_log2) > MS_BYTES_PER_CLUSTER_LIMIT) + if (vol->bps > (MS_BYTES_PER_CLUSTER_LIMIT >> vol->spc_log2)) { close(vol->fd); rtems_set_errno_and_return_minus_one(EINVAL); } + vol->bpc = vol->bps << vol->spc_log2; + for (vol->bpc_log2 = 0, i = vol->bpc; (i & 1) == 0; i >>= 1, vol->bpc_log2++); |