diff options
| -rw-r--r-- | fs/squashfs/xattr_id.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/fs/squashfs/xattr_id.c b/fs/squashfs/xattr_id.c index 51a7bd0cc449..f60fb3cce183 100644 --- a/fs/squashfs/xattr_id.c +++ b/fs/squashfs/xattr_id.c @@ -76,6 +76,17 @@ __le64 *squashfs_read_xattr_id_table(struct super_block *sb, u64 start, *xattr_table_start = le64_to_cpu(id_table->xattr_table_start); *xattr_ids = le32_to_cpu(id_table->xattr_ids); kfree(id_table); + + /* Sanity check values */ + + /* there is always at least one xattr id */ + if (*xattr_ids == 0) + return ERR_PTR(-EINVAL); + + /* xattr_table should be less than start */ + if (*xattr_table_start >= start) + return ERR_PTR(-EINVAL); + len = SQUASHFS_XATTR_BLOCK_BYTES(*xattr_ids); TRACE("In read_xattr_index_table, length %d\n", len); |