ext3, ext4: avoid divide by zero
Andries E. Brouwer [Tue, 18 Dec 2007 00:19:55 +0000 (16:19 -0800)]
As it turns out, the kernel divides by EXT3_INODES_PER_GROUP(s) when
mounting an ext3 filesystem.  If that number is zero, a crash follows.
A patch follows below.

This crash was reported by Joeri de Ruiter, Carst Tankink and Pim Vullers.

Cc: <linux-ext4@vger.kernel.org>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

fs/ext3/super.c
fs/ext4/super.c

index de55da9..cb14de1 100644 (file)
@@ -1676,7 +1676,7 @@ static int ext3_fill_super (struct super_block *sb, void *data, int silent)
        sbi->s_blocks_per_group = le32_to_cpu(es->s_blocks_per_group);
        sbi->s_frags_per_group = le32_to_cpu(es->s_frags_per_group);
        sbi->s_inodes_per_group = le32_to_cpu(es->s_inodes_per_group);
-       if (EXT3_INODE_SIZE(sb) == 0)
+       if (EXT3_INODE_SIZE(sb) == 0 || EXT3_INODES_PER_GROUP(sb) == 0)
                goto cantfind_ext3;
        sbi->s_inodes_per_block = blocksize / EXT3_INODE_SIZE(sb);
        if (sbi->s_inodes_per_block == 0)
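Review bot: The widened guard at `EXT3_INODES_PER_GROUP(sb) == 0` validates only one of the per-group values loaded from the on-disk superblock in the three lines above it; `s_blocks_per_group` and `s_frags_per_group` come from the same untrusted source and are not checked for zero anywhere in the lines shown. ext3_fill_super continues outside this hunk, so whether either value is later used as a divisor needs confirming, but if so a corrupted image would hit the same crash at mount time. Consider extending the condition with `|| EXT3_BLOCKS_PER_GROUP(sb) == 0` and adding a comment such as `/* superblock fields are untrusted on-disk data: reject zero before they are used as divisors */`. The same point applies to the ext4_fill_super hunk in fs/ext4/super.c, where `s_blocks_per_group` is likewise read without a zero check.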
index 8031dc0..1ca0f54 100644 (file)
@@ -1797,7 +1797,7 @@ static int ext4_fill_super (struct super_block *sb, void *data, int silent)
                sbi->s_desc_size = EXT4_MIN_DESC_SIZE;
        sbi->s_blocks_per_group = le32_to_cpu(es->s_blocks_per_group);
        sbi->s_inodes_per_group = le32_to_cpu(es->s_inodes_per_group);
-       if (EXT4_INODE_SIZE(sb) == 0)
+       if (EXT4_INODE_SIZE(sb) == 0 || EXT4_INODES_PER_GROUP(sb) == 0)
                goto cantfind_ext4;
        sbi->s_inodes_per_block = blocksize / EXT4_INODE_SIZE(sb);
        if (sbi->s_inodes_per_block == 0)