From 6c1a808052ba6a875df7aa450b6df4b199f3a281 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Stefan=20Br=C3=BCns?= <stefan.bruens@rwth-aachen.de>
Date: Sat, 17 Dec 2016 00:27:50 +0100
Subject: [PATCH] fs/fat: Avoid corruption of sectors following the FAT
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The FAT is read/flushed in segments of 6 (FATBUFBLOCKS) disk sectors. The
last segment may be less than 6 sectors, cap the length.

Signed-off-by: Stefan BrÃ¼ns <stefan.bruens@rwth-aachen.de>
Reviewed-by: BenoÃ®t ThÃ©baudeau <benoit.thebaudeau.dev@gmail.com>
---
 fs/fat/fat.c       |  1 +
 fs/fat/fat_write.c | 22 ++++++++++++----------
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/fs/fat/fat.c b/fs/fat/fat.c
index df9f2b5656..6319581406 100644
--- a/fs/fat/fat.c
+++ b/fs/fat/fat.c
@@ -202,6 +202,7 @@ static __u32 get_fatent(fsdata *mydata, __u32 entry)
 		__u32 fatlength = mydata->fatlength;
 		__u32 startblock = bufnum * FATBUFBLOCKS;
 
+		/* Cap length if fatlength is not a multiple of FATBUFBLOCKS */
 		if (startblock + getsize > fatlength)
 			getsize = fatlength - startblock;
 
diff --git a/fs/fat/fat_write.c b/fs/fat/fat_write.c
index aab0b0e71d..4605020854 100644
--- a/fs/fat/fat_write.c
+++ b/fs/fat/fat_write.c
@@ -117,10 +117,11 @@ static int flush_dirty_fat_buffer(fsdata *mydata)
 	if ((!mydata->fat_dirty) || (mydata->fatbufnum == -1))
 		return 0;
 
-	startblock += mydata->fat_sect;
+	/* Cap length if fatlength is not a multiple of FATBUFBLOCKS */
+	if (startblock + getsize > fatlength)
+		getsize = fatlength - startblock;
 
-	if (getsize > fatlength)
-		getsize = fatlength;
+	startblock += mydata->fat_sect;
 
 	/* Write FAT buf */
 	if (disk_write(startblock, getsize, bufptr) < 0) {
@@ -187,8 +188,9 @@ static __u32 get_fatent_value(fsdata *mydata, __u32 entry)
 		__u32 fatlength = mydata->fatlength;
 		__u32 startblock = bufnum * FATBUFBLOCKS;
 
-		if (getsize > fatlength)
-			getsize = fatlength;
+		/* Cap length if fatlength is not a multiple of FATBUFBLOCKS */
+		if (startblock + getsize > fatlength)
+			getsize = fatlength - startblock;
 
 		startblock += mydata->fat_sect;	/* Offset from start of disk */
 
@@ -499,15 +501,15 @@ static int set_fatent_value(fsdata *mydata, __u32 entry, __u32 entry_value)
 		__u32 fatlength = mydata->fatlength;
 		__u32 startblock = bufnum * FATBUFBLOCKS;
 
-		fatlength *= mydata->sect_size;
-		startblock += mydata->fat_sect;
-
-		if (getsize > fatlength)
-			getsize = fatlength;
+		/* Cap length if fatlength is not a multiple of FATBUFBLOCKS */
+		if (startblock + getsize > fatlength)
+			getsize = fatlength - startblock;
 
 		if (flush_dirty_fat_buffer(mydata) < 0)
 			return -1;
 
+		startblock += mydata->fat_sect;
+
 		if (disk_read(startblock, getsize, bufptr) < 0) {
 			debug("Error reading FAT blocks\n");
 			return -1;
-- 
2.39.5