Commit d622b89a authored by Tao Ma's avatar Tao Ma Committed by Joel Becker

ocfs2: Fix memory overflow in cow_by_page.

In ocfs2_duplicate_clusters_by_page, we calculate map_end
by shifting page_index. But actually in case we meet with
a large offset(say in a i686 box, poff_t is only 32 bits
and page_index=2056240), we will overflow. So change the
type of page_index to loff_t.
Signed-off-by: default avatarTao Ma <tao.ma@oracle.com>
Signed-off-by: default avatarJoel Becker <joel.becker@oracle.com>
parent 26636bf6
...@@ -2945,7 +2945,7 @@ static int ocfs2_duplicate_clusters_by_page(handle_t *handle, ...@@ -2945,7 +2945,7 @@ static int ocfs2_duplicate_clusters_by_page(handle_t *handle,
while (offset < end) { while (offset < end) {
page_index = offset >> PAGE_CACHE_SHIFT; page_index = offset >> PAGE_CACHE_SHIFT;
map_end = (page_index + 1) << PAGE_CACHE_SHIFT; map_end = ((loff_t)page_index + 1) << PAGE_CACHE_SHIFT;
if (map_end > end) if (map_end > end)
map_end = end; map_end = end;
...@@ -3170,7 +3170,7 @@ static int ocfs2_cow_sync_writeback(struct super_block *sb, ...@@ -3170,7 +3170,7 @@ static int ocfs2_cow_sync_writeback(struct super_block *sb,
while (offset < end) { while (offset < end) {
page_index = offset >> PAGE_CACHE_SHIFT; page_index = offset >> PAGE_CACHE_SHIFT;
map_end = (page_index + 1) << PAGE_CACHE_SHIFT; map_end = ((loff_t)page_index + 1) << PAGE_CACHE_SHIFT;
if (map_end > end) if (map_end > end)
map_end = end; map_end = end;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment