/*
* JFFS2 -- Journalling Flash File System, Version 2.
*
- * Copyright (C) 2004 Ferenc Havasi <havasi@inf.u-szeged.hu>,
- * Zoltan Sogor <weth@inf.u-szeged.hu>,
- *
Patrik Kluba <pajko@halom.u-szeged.hu>,
- * University of Szeged, Hungary
- * 2006 KaiGai Kohei <kaigai@ak.jp.nec.com>
+ * Copyright © 2004 Ferenc Havasi <havasi@inf.u-szeged.hu>,
+ * Zoltan Sogor <weth@inf.u-szeged.hu>,
+ * Patrik Kluba <pajko@halom.u-szeged.hu>,
+ * University of Szeged, Hungary
+ * 2006 KaiGai Kohei <kaigai@ak.jp.nec.com>
*
* For licensing information, see the file 'LICENCE' in this directory.
*
- * $Id: summary.c,v 1.4 2005/09/26 11:37:21 havasi Exp $
- *
*/
#include <linux/kernel.h>
-#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/mtd/mtd.h>
#include <linux/pagemap.h>
int jffs2_sum_init(struct jffs2_sb_info *c)
{
- c->summary = kmalloc(sizeof(struct jffs2_summary), GFP_KERNEL);
+ c->summary = kzalloc(sizeof(struct jffs2_summary), GFP_KERNEL);
if (!c->summary) {
JFFS2_WARNING("Can't allocate memory for summary information!\n");
return -ENOMEM;
}
- memset(c->summary, 0, sizeof(struct jffs2_summary));
-
c->summary->sum_buf = vmalloc(c->sector_size);
if (!c->summary->sum_buf) {
union jffs2_node_union *node;
struct jffs2_eraseblock *jeb;
+ if (c->summary->sum_size == JFFS2_SUMMARY_NOSUM_SIZE) {
+ dbg_summary("Summary is disabled for this jeb! Skipping summary info!\n");
+ return 0;
+ }
+
node = invecs[0].iov_base;
jeb = &c->blocks[ofs / c->sector_size];
ofs -= jeb->offset;
for (i=0; i<je32_to_cpu(summary->sum_num); i++) {
dbg_summary("processing summary index %d\n", i);
+ cond_resched();
+
/* Make sure there's a spare ref for dirty space */
err = jffs2_prealloc_raw_node_refs(c, jeb, 2);
if (err)
case JFFS2_NODETYPE_DIRENT: {
struct jffs2_sum_dirent_flash *spd;
+ int checkedlen;
spd = sp;
dbg_summary("Dirent at 0x%08x-0x%08x\n",
jeb->offset + je32_to_cpu(spd->offset) + je32_to_cpu(spd->totlen));
- fd = jffs2_alloc_full_dirent(spd->nsize+1);
+ /* This should never happen, but https://dev.laptop.org/ticket/4184 */
+ checkedlen = strnlen(spd->name, spd->nsize);
+ if (!checkedlen) {
+ printk(KERN_ERR "Dirent at %08x has zero at start of name. Aborting mount.\n",
+ jeb->offset + je32_to_cpu(spd->offset));
+ return -EIO;
+ }
+ if (checkedlen < spd->nsize) {
+ printk(KERN_ERR "Dirent at %08x has zeroes in name. Truncating to %d chars\n",
+ jeb->offset + je32_to_cpu(spd->offset), checkedlen);
+ }
+
+
+ fd = jffs2_alloc_full_dirent(checkedlen+1);
if (!fd)
return -ENOMEM;
- memcpy(&fd->name, spd->name, spd->nsize);
- fd->name[spd->nsize] = 0;
+ memcpy(&fd->name, spd->name, checkedlen);
+ fd->name[checkedlen] = 0;
ic = jffs2_scan_make_ino_cache(c, je32_to_cpu(spd->pino));
if (!ic) {
fd->next = NULL;
fd->version = je32_to_cpu(spd->version);
fd->ino = je32_to_cpu(spd->ino);
- fd->nhash = full_name_hash(fd->name, spd->nsize);
+ fd->nhash = full_name_hash(fd->name, checkedlen);
fd->type = spd->type;
jffs2_add_fd_to_list(c, fd, &ic->scan_dents);
projects / linux-2.6 / blobdiff