kernel-ark/fs/ext3
Al Viro de0bb97aff [PATCH] forgotten ->b_data in memcpy() call in ext3/resize.c (oopsable)
sbi->s_group_desc is an array of pointers to buffer_head.  memcpy() of
buffer size from address of buffer_head is a bad idea - it will generate
junk in any case, may oops if buffer_head is close to the end of slab
page and next page is not mapped and isn't what was intended there.
IOW, ->b_data is missing in that call.  Fortunately, result doesn't go
into the primary on-disk data structures, so only backup ones get crap
written to them; that had allowed this bug to remain unnoticed until
now.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-26 07:52:21 -07:00
..
acl.c
acl.h
balloc.c [PATCH] ext3_get_blocks: Adjust reservation window size for mblocks 2006-03-26 08:57:01 -08:00
bitmap.c [PATCH] ext3: Fix debug logging-only compilation error 2006-03-25 08:22:56 -08:00
dir.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
file.c [PATCH] Introduce sys_splice() system call 2006-03-30 12:28:18 -08:00
fsync.c
hash.c
ialloc.c
inode.c [PATCH] ext3: multi-block get_block() 2006-03-26 08:57:02 -08:00
ioctl.c [PATCH] convert ext3's truncate_sem to a mutex 2006-03-23 07:38:14 -08:00
Makefile
namei.c [PATCH] ext3: ext3_symlink should use GFP_NOFS allocations inside 2006-03-11 09:19:34 -08:00
namei.h
resize.c [PATCH] forgotten ->b_data in memcpy() call in ext3/resize.c (oopsable) 2006-04-26 07:52:21 -07:00
super.c [PATCH] ext3: "nobh" writeback support for filesystems blocksize < pagesize 2006-03-26 08:57:02 -08:00
symlink.c
xattr_security.c
xattr_trusted.c
xattr_user.c
xattr.c
xattr.h