segno and blk_off were read from the input image without a sanity check. This
could lead to a buffer overflow when accessing internal arrays like the SIT
sentries and seg_entry cur_valid_map.
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
blk_off = get_cp(cur_node_blkoff[i - CURSEG_HOT_NODE]);
segno = get_cp(cur_node_segno[i - CURSEG_HOT_NODE]);
}
+ ASSERT(segno < TOTAL_SEGS(sbi));
+ ASSERT(blk_off < DEFAULT_BLOCKS_PER_SEGMENT);
+
array[i].segno = segno;
array[i].zone = GET_ZONENO_FROM_SEGNO(sbi, segno);
array[i].next_segno = NULL_SEGNO;
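Review bot: The two new ASSERT lines sit after the closing brace of the branch that reads cur_node_blkoff/cur_node_segno, so they cover whatever segno and blk_off were assigned in either branch of that conditional; that placement is correct, but ASSERT turns an out-of-range value in the checkpoint into a hard abort of the tool rather than a reported error. For a check that guards against untrusted on-disk values, consider printing which field (segno or blk_off, and the curseg index i) was out of range before failing, e.g. `MSG(0, "\tInvalid curseg %d: segno %u blk_off %u\n", i, segno, blk_off);` ahead of the ASSERT, so a corrupted image gives a diagnosable failure instead of a bare assertion. Also note that the comparison `blk_off < DEFAULT_BLOCKS_PER_SEGMENT` is against a compile-time constant; if the superblock's blocks-per-segment is available here it would be the more precise bound, otherwise the constant is acceptable but worth a comment stating why it is the limit.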