Revert "UBIFS: Fix potential integer overflow in allocation"

BugLink: https://bugs.launchpad.net/bugs/1792419 commit 08acbdd6 upstream. This reverts commit 353748a3. It bypassed the linux-mtd review process and fixes the issue not as it should. Cc: Kees Cook <keescook@chromium.org> Cc: Silvio Cesare <silvio.cesare@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Revert "UBIFS: Fix potential integer overflow in allocation"
BugLink: https://bugs.launchpad.net/bugs/1792419 commit 08acbdd6 upstream. This reverts commit 353748a3. It bypassed the linux-mtd review process and fixes the issue not as it should. Cc: Kees Cook <keescook@chromium.org> Cc: Silvio Cesare <silvio.cesare@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
7b511958 · Richard Weinberger · Kleber Sacilotto de Souza · 642accc9 · 7b511958
Commit 7b511958 authored Jul 01, 2018 by Richard Weinberger Committed by Kleber Sacilotto de Souza Oct 02, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

fs/ubifs/journal.c fs/ubifs/journal.c +1 -1

No files found.
--- a/fs/ubifs/journal.c
+++ b/fs/ubifs/journal.c
@@ -1107,7 +1107,7 @@ static int recomp_data_node(const struct ubifs_info *c,
 	int err, len, compr_type, out_len;

 	out_len = le32_to_cpu(dn->size);
-	buf = kmalloc_array(out_len, WORST_COMPR_FACTOR, GFP_NOFS);
+	buf = kmalloc(out_len * WORST_COMPR_FACTOR, GFP_NOFS);
 	if (!buf)
 		return -ENOMEM;