Commit 22515881 authored by Shigeru Yoshida's avatar Shigeru Yoshida Committed by Christian Brauner

reiserfs: Replace 1-element array with C99 style flex-array



UBSAN found the following issue:

================================================================================
UBSAN: array-index-out-of-bounds in fs/reiserfs/journal.c:4166:22
index 1 is out of range for type '__le32 [1]'

This is because struct reiserfs_journal_desc uses 1-element array for
dynamically sized array member, j_realblock.

This patch fixes this issue by replacing the 1-element array member with a
C99-style flex-array.  This patch also fixes the same issue in struct
reiserfs_journal_commit in the same manner.

Fixes: f466c6fd ("move private bits of reiserfs_fs.h to fs/reiserfs/reiserfs.h")
Signed-off-by: default avatarShigeru Yoshida <syoshida@redhat.com>
Message-Id: <20230821043312.1444068-1-syoshida@redhat.com>
Signed-off-by: default avatarChristian Brauner <brauner@kernel.org>
parent 0bb80ecc
+3 −3
@@ -2699,7 +2699,7 @@ struct reiserfs_iget_args {
#define get_journal_desc_magic(bh) (bh->b_data + bh->b_size - 12)

#define journal_trans_half(blocksize) \
	((blocksize - sizeof (struct reiserfs_journal_desc) + sizeof (__u32) - 12) / sizeof (__u32))
	((blocksize - sizeof(struct reiserfs_journal_desc) - 12) / sizeof(__u32))

/* journal.c see journal.c for all the comments here */

@@ -2711,7 +2711,7 @@ struct reiserfs_journal_desc {
	__le32 j_len;

	__le32 j_mount_id;	/* mount id of this trans */
	__le32 j_realblock[1];	/* real locations for each block */
	__le32 j_realblock[];	/* real locations for each block */
};

#define get_desc_trans_id(d)   le32_to_cpu((d)->j_trans_id)
@@ -2726,7 +2726,7 @@ struct reiserfs_journal_desc {
struct reiserfs_journal_commit {
	__le32 j_trans_id;	/* must match j_trans_id from the desc block */
	__le32 j_len;		/* ditto */
	__le32 j_realblock[1];	/* real locations for each block */
	__le32 j_realblock[];	/* real locations for each block */
};

#define get_commit_trans_id(c) le32_to_cpu((c)->j_trans_id)
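Review bot: Dropping the `[1]` element shrinks `sizeof(struct reiserfs_journal_desc)` and `sizeof(struct reiserfs_journal_commit)` by four bytes each, and only `journal_trans_half()` in the first hunk is adjusted for it; any other `sizeof` use of either struct (none is visible in this diff) would silently change a buffer size or on-disk offset. A compile-time check next to the definitions would pin the layout, for example `static_assert(offsetof(struct reiserfs_journal_commit, j_realblock) == 8);` and the equivalent for the desc struct (presumably `== 12`, but its leading fields start outside the hunk). With a flexible array UBSAN no longer has any bound for `j_realblock[i]`, so the checks of the index against `journal_trans_half()` and of the on-disk `j_len` in journal.c, which this diff does not show, become the only guard against an out-of-block access from a corrupted journal and are worth confirming. As a style point, the rewritten macro still expands its argument unparenthesized; `(((blocksize) - sizeof(struct reiserfs_journal_desc) - 12) / sizeof(__u32))` avoids precedence surprises.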