Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757319AbdLWDgC (ORCPT ); Fri, 22 Dec 2017 22:36:02 -0500 Received: from szxga06-in.huawei.com ([45.249.212.32]:34921 "EHLO huawei.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1757161AbdLWDf6 (ORCPT ); Fri, 22 Dec 2017 22:35:58 -0500 Subject: Re: [PATCH v4] fsck.f2fs: check and fix i_namelen to avoid double free To: Yunlong Song , , , CC: , , , , , , References: <1513319130-114230-1-git-send-email-yunlong.song@huawei.com> <1513603527-163036-1-git-send-email-yunlong.song@huawei.com> <1d02d383-434e-bf32-1940-ff2ef790868f@huawei.com> From: Chao Yu Message-ID: <7409e62c-cf8f-b5d3-9ec7-f22d1e3a5c7c@huawei.com> Date: Sat, 23 Dec 2017 11:35:38 +0800 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <1d02d383-434e-bf32-1940-ff2ef790868f@huawei.com> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 8bit X-Originating-IP: [10.134.22.195] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 803 Lines: 30 On 2017/12/23 11:19, Yunlong Song wrote: > Double free problem: > Since ddr bit jump makes i_namelen a larger value (> 255),when file is > not encrypted, > the convert_encrypted_name will memcpy out range of en[255], when en is > freed, there > will be double free problem. It looks there is only memcpy overflow problem here. Thanks, > > On 2017/12/23 11:05, Chao Yu wrote: >> On 2017/12/18 21:25, Yunlong Song wrote: >>> v1 -> v2: use child_info to pass dentry namelen >>> v2 -> v3: check child != NULL to include the F2FS_FT_ORPHAN file type >>> v3 -> v4: fix the i_namelen problem of dump.f2fs、 >> There is no commit log, so what do you mean about "avoid double free"? >> >> Other than that, looks good to me. >> >> Reviewed-by: Chao Yu >> >> Thanks, >> >> >> . >> >