summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorRichard Weinberger <richard@nod.at>2018-07-02 00:20:50 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-09-09 20:56:00 +0300
commit3259dd7176e4d98248f2dcc94f540dbca051ff42 (patch)
tree166d3657f754877f794dd5ad1720fd8beef401dd /fs
parenta230db38a9fd9b422bb7f114da9bb7141c87fded (diff)
downloadlinux-3259dd7176e4d98248f2dcc94f540dbca051ff42.tar.xz
Revert "UBIFS: Fix potential integer overflow in allocation"
commit 08acbdd6fd736b90f8d725da5a0de4de2dd6de62 upstream. This reverts commit 353748a359f1821ee934afc579cf04572406b420. It bypassed the linux-mtd review process and fixes the issue not as it should. Cc: Kees Cook <keescook@chromium.org> Cc: Silvio Cesare <silvio.cesare@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/ubifs/journal.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c
index 8ae1cd8611cc..04c4ec6483e5 100644
--- a/fs/ubifs/journal.c
+++ b/fs/ubifs/journal.c
@@ -1283,11 +1283,10 @@ static int truncate_data_node(const struct ubifs_info *c, const struct inode *in
int *new_len)
{
void *buf;
- int err, compr_type;
- u32 dlen, out_len, old_dlen;
+ int err, dlen, compr_type, out_len, old_dlen;
out_len = le32_to_cpu(dn->size);
- buf = kmalloc_array(out_len, WORST_COMPR_FACTOR, GFP_NOFS);
+ buf = kmalloc(out_len * WORST_COMPR_FACTOR, GFP_NOFS);
if (!buf)
return -ENOMEM;