In ext2.c, parse_group_descriptors assumes the group descriptors will fit within one block, and calls memcpy with a size potentially larger than the size kmalloc was called with, leading to the copying of garbage memory.
It should be fixed to compute the size of the descriptor table beforehand and allocate a buffer sized to the next multiple of the block size (see align_to) so that no overflow can happen.
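The sizing logic the fix calls for, as an added example rather than the project's own code: it derives the descriptor-table size from the ext2 superblock fields (s_blocks_count, s_blocks_per_group, s_log_block_size), rounds it up with an assumed align_to helper, and reports whether a one-block buffer would have been overrun.

```c
/* Added example (not the project's code): size the ext2 group-descriptor
 * table from superblock fields before allocating, so the copy can never
 * exceed the buffer. Field names follow the on-disk ext2 superblock;
 * align_to is an assumed helper with the obvious round-up semantics. */
#include <stdint.h>
#include <stdio.h>

#define EXT2_GROUP_DESC_SIZE 32u   /* classic ext2 descriptor is 32 bytes */

struct ext2_layout {
    uint32_t block_size;    /* 1024 << s_log_block_size */
    uint32_t group_count;   /* ceil(s_blocks_count / s_blocks_per_group) */
    uint64_t table_bytes;   /* bytes actually occupied by the descriptors */
    uint64_t alloc_bytes;   /* table_bytes rounded up to a block multiple */
    uint64_t table_blocks;  /* blocks that must be read from disk */
};

/* Round n up to the next multiple of align (align is a power of two). */
static uint64_t align_to(uint64_t n, uint64_t align)
{
    return (n + align - 1) & ~(align - 1);
}

/* Compute the descriptor-table geometry from three superblock fields.
 * A zero s_blocks_per_group (corrupt superblock) yields an empty layout
 * instead of dividing by zero. */
struct ext2_layout ext2_gdt_layout(uint32_t s_blocks_count,
                                   uint32_t s_blocks_per_group,
                                   uint32_t s_log_block_size)
{
    struct ext2_layout l = {0};
    l.block_size = 1024u << s_log_block_size;
    if (s_blocks_per_group == 0)
        return l;
    l.group_count  = (uint32_t)(((uint64_t)s_blocks_count + s_blocks_per_group - 1)
                                / s_blocks_per_group);
    l.table_bytes  = (uint64_t)l.group_count * EXT2_GROUP_DESC_SIZE;
    l.alloc_bytes  = align_to(l.table_bytes, l.block_size);
    l.table_blocks = l.alloc_bytes / l.block_size;
    return l;
}

/* 1 when a single-block buffer (the assumption in the report) is too
 * small for this filesystem, i.e. the memcpy would overrun it. */
int one_block_buffer_overflows(struct ext2_layout l)
{
    return l.table_bytes > l.block_size;
}
```

On a constructed 1,000,000-block filesystem with 8192 blocks per group and 1 KiB blocks, 123 descriptors occupy 3936 bytes, so the buffer must be 4096 bytes (4 blocks), not one block.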