From b1e22e2b03dfbb143dfac3a810ba9a8cae6058d8 Mon Sep 17 00:00:00 2001
From: Sascha Hauer
Date: Tue, 29 Oct 2019 08:57:09 +0100
Subject: fs: ext4: Fix out of bounds memset

When a block we read is a sparse block, we memset the corresponding output buffer to zero. If that block is the last block we read, we may not memset the whole block, but only up to the length of the output buffer, which may be shorter than a full block.

Signed-off-by: Sascha Hauer
---
 fs/ext4/ext4fs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'fs')

diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
index bfc5f27cc3..acecccd6b9 100644
--- a/fs/ext4/ext4fs.c
+++ b/fs/ext4/ext4fs.c
@@ -135,7 +135,7 @@ int ext4fs_read_file(struct ext2fs_node *node, int pos,
 return ret;
 previous_block_number = -1;
 }
- memset(buf, 0, blocksize - skipfirst);
+ memset(buf, 0, blockend);
 }
 buf += blocksize - skipfirst;
 }
-- 
cgit v1.2.3
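Review bot: The new length `blockend` drops the `- skipfirst` term the old expression carried, and the hunk does not show where `blockend` is computed, so it cannot be confirmed from here that it is already reduced by `skipfirst` when the read starts in the middle of the first block. If it is not, a sparse first block would be zeroed `skipfirst` bytes beyond the region this iteration owns, since `buf` only advances by `blocksize - skipfirst`; that is the same class of overrun this commit closes for the last block. The computation sits earlier in ext4fs_read_file, whose body starts and ends outside this hunk, so it is worth checking there and recording the invariant beside the call, e.g. `/* blockend = bytes of this block that land in buf; skipfirst and a short last block are already accounted for */`.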