From 452b7f83c43d85505c2027e9ec60454d6e4f6827 Mon Sep 17 00:00:00 2001
From: Sebastian Huber
Date: Wed, 18 May 2016 09:17:09 +0200
Subject: fat: Fix for invalid cluster sizes

A cluster size > 32KiB resulted in an infinite loop in fat_init_volume_info() due to an integer overflow.

Close #2717.
---
 cpukit/libfs/src/dosfs/fat.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cpukit/libfs/src/dosfs/fat.c b/cpukit/libfs/src/dosfs/fat.c
index 59f53091ca..2176ff3496 100644
--- a/cpukit/libfs/src/dosfs/fat.c
+++ b/cpukit/libfs/src/dosfs/fat.c
@@ -574,12 +574,14 @@ fat_init_volume_info(fat_fs_info_t *fs_info, const char *device)
 /*
 * "bytes per cluster" value greater than 32K is invalid
 */
- if ((vol->bpc = vol->bps << vol->spc_log2) > MS_BYTES_PER_CLUSTER_LIMIT)
+ if (vol->bps > (MS_BYTES_PER_CLUSTER_LIMIT >> vol->spc_log2))
 {
 close(vol->fd);
 rtems_set_errno_and_return_minus_one(EINVAL);
 }
+ vol->bpc = vol->bps << vol->spc_log2;
+
 for (vol->bpc_log2 = 0, i = vol->bpc; (i & 1) == 0; i >>= 1, vol->bpc_log2++);
-- 
cgit v1.2.3
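Review bot: The `for` loop at the end of the hunk still has no bound of its own and terminates only when `vol->bpc` has a set bit, so it depends entirely on the checks before it. The new guard rejects oversized clusters, but a `vol->bps` of 0 passes it (0 is never greater than the shifted limit) and would again yield `bpc == 0` and a non-terminating loop. Whether `bps` is validated as non-zero earlier in fat_init_volume_info() is not visible here, because the function starts and ends outside the hunk; if it is not, the guard could read `if (vol->bps == 0 || vol->bps > (MS_BYTES_PER_CLUSTER_LIMIT >> vol->spc_log2))`. These values presumably come from the on-disk boot record of an untrusted volume, so a comment above the check such as `/* compare before shifting: the product may overflow vol->bpc */` would help keep a later cleanup from folding the assignment back into the condition.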