fs: jfs: fix shift-out-of-bounds in dbDiscardAG

[platform/kernel/linux-rpi.git] / fs / jfs / jfs_dmap.c

diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 44600cd..f401bc0 100644 (file)
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -198,6 +198,11 @@ int dbMount(struct inode *ipbmap)
                goto err_release_metapage;
        }
 
+       if (((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {
+               err = -EINVAL;
+               goto err_release_metapage;
+       }
+
        for (i = 0; i < MAXAG; i++)
                bmp->db_agfree[i] = le64_to_cpu(dbmp_le->dn_agfree[i]);
        bmp->db_agsize = le64_to_cpu(dbmp_le->dn_agsize);