hfsplus: Add additional range check to handle on-disk corruptions
[muen/linux.git] / fs / hfsplus / brec.c
index 2312de34bd426e0755516042881d3be31ddc33a0..2a734cfccc920263faca60a193e6273457df4b52 100644 (file)
@@ -43,6 +43,10 @@ u16 hfs_brec_keylen(struct hfs_bnode *node, u16 rec)
                        node->tree->node_size - (rec + 1) * 2);
                if (!recoff)
                        return 0;
+               if (recoff > node->tree->node_size - 2) {
+                       printk(KERN_ERR "hfs: recoff %d too large\n", recoff);
+                       return 0;
+               }
 
                retval = hfs_bnode_read_u16(node, recoff) + 2;
                if (retval > node->tree->max_key_len + 2) {