git://git.onelab.eu / linux-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fedora kernel-2.6.17-1.2142_FC4 patched with stable patch-2.6.17.4-vs2.0.2-rc26.diff
[linux-2.6.git] / fs / isofs / compress.c
diff --git a/fs/isofs/compress.c b/fs/isofs/compress.c
index 34a44e4..4917315 100644 (file)
--- a/fs/isofs/compress.c
+++ b/fs/isofs/compress.c
@@ -129,8 +129,14 @@ static int zisofs_readpage(struct file *file, struct page *page)
        cend = le32_to_cpu(*(__le32 *)(bh->b_data + (blockendptr & bufmask)));
        brelse(bh);
 
+       if (cstart > cend)
+               goto eio;
+               
        csize = cend-cstart;
 
+       if (csize > deflateBound(1UL << zisofs_block_shift))
+               goto eio;
+
        /* Now page[] contains an array of pages, any of which can be NULL,
           and the locks on which we hold.  We should now read the data and
           release the pages.  If the pages are NULL the decompressed data
linux-2.6