From: Andries E. Brouwer Date: Tue, 18 Dec 2007 00:19:55 +0000 (-0800) Subject: ext3, ext4: avoid divide by zero X-Git-Tag: v2.6.24-rc6~45 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b47b6f38e5202c924bfe7632dce5dda4e3d40731;p=linux-2.6 ext3, ext4: avoid divide by zero As it turns out, the kernel divides by EXT3_INODES_PER_GROUP(s) when mounting an ext3 filesystem. If that number is zero, a crash follows. Below a patch. This crash was reported by Joeri de Ruiter, Carst Tankink and Pim Vullers. Cc: Acked-by: Alan Cox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/fs/ext3/super.c b/fs/ext3/super.c index de55da9e28..cb14de1502 100644 --- a/fs/ext3/super.c +++ b/fs/ext3/super.c @@ -1676,7 +1676,7 @@ static int ext3_fill_super (struct super_block *sb, void *data, int silent) sbi->s_blocks_per_group = le32_to_cpu(es->s_blocks_per_group); sbi->s_frags_per_group = le32_to_cpu(es->s_frags_per_group); sbi->s_inodes_per_group = le32_to_cpu(es->s_inodes_per_group); - if (EXT3_INODE_SIZE(sb) == 0) + if (EXT3_INODE_SIZE(sb) == 0 || EXT3_INODES_PER_GROUP(sb) == 0) goto cantfind_ext3; sbi->s_inodes_per_block = blocksize / EXT3_INODE_SIZE(sb); if (sbi->s_inodes_per_block == 0) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 8031dc0e24..1ca0f546c4 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1797,7 +1797,7 @@ static int ext4_fill_super (struct super_block *sb, void *data, int silent) sbi->s_desc_size = EXT4_MIN_DESC_SIZE; sbi->s_blocks_per_group = le32_to_cpu(es->s_blocks_per_group); sbi->s_inodes_per_group = le32_to_cpu(es->s_inodes_per_group); - if (EXT4_INODE_SIZE(sb) == 0) + if (EXT4_INODE_SIZE(sb) == 0 || EXT4_INODES_PER_GROUP(sb) == 0) goto cantfind_ext4; sbi->s_inodes_per_block = blocksize / EXT4_INODE_SIZE(sb); if (sbi->s_inodes_per_block == 0)