Revert "ANDROID: Revert "f2fs: avoid out-of-range memory access""

This reverts commit 0aed061b2c38022fd305c51a1124bfba2a83b3f5.

This should not have been reverted in this branch as it was already here
as part of the f2fs-stable merge that was done in commit 8ed00839a550
("Merge remote-tracking branch 'origin/upstream-f2fs-stable-linux-4.9.y'
into android-4.9") already contained it and everything built fine.

The build error in android-4.9-p occurs due to the presence of commit
c804fcf3df1f ("f2fs: no need return value in restore summary process")
and lack of commit 3c74326b78b6 ("f2fs: fix to propagate error from
__get_meta_page()") in that branch.

Change-Id: I0738d38a0feca9dfd1115871ecd33ee93442d76b
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>

diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 6352406..bdec193 100644 (file)
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -3444,6 +3444,11 @@ static int read_compacted_summaries(struct f2fs_sb_info *sbi)
                seg_i = CURSEG_I(sbi, i);
                segno = le32_to_cpu(ckpt->cur_data_segno[i]);
                blk_off = le16_to_cpu(ckpt->cur_data_blkoff[i]);
+               if (blk_off > ENTRIES_IN_SUM) {
+                       f2fs_bug_on(sbi, 1);
+                       f2fs_put_page(page, 1);
+                       return -EFAULT;
+               }
                seg_i->next_segno = segno;
                reset_curseg(sbi, i, 0);
                seg_i->alloc_type = ckpt->alloc_type[i];