From a84a1b68d698d9a5cfa5efd55b057df7724996b2 Mon Sep 17 00:00:00 2001
From: Kaho Ng
Date: Tue, 28 Jun 2016 23:02:16 +0800
Subject: [PATCH] ext4: fix possible access violation when copying name fields

---
 include/ext4_types.h | 3 +--
 src/ext4.c | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/include/ext4_types.h b/include/ext4_types.h
index a7170a7..4f934f2 100644
--- a/include/ext4_types.h
+++ b/include/ext4_types.h
@@ -495,8 +495,7 @@ struct ext4_dir_en {
 uint8_t name_len; /* Lower 8 bits of name length */
 union ext4_dir_en_internal in;
-
- uint8_t name[EXT4_DIRECTORY_FILENAME_LEN]; /* Entry name */
+ uint8_t name[]; /* Entry name */
 };
 /* Structures for indexed directory */
diff --git a/src/ext4.c b/src/ext4.c
index 86c5c1d..db7745f 100644
--- a/src/ext4.c
+++ b/src/ext4.c
@@ -2949,6 +2949,7 @@ const ext4_direntry *ext4_dir_entry_next(ext4_dir *d)
 #define EXT4_DIR_ENTRY_OFFSET_TERM (uint64_t)(-1)
 int r;
+ uint16_t name_length;
 ext4_direntry *de = 0;
 struct ext4_inode_ref dir;
 struct ext4_dir_iter it;
@@ -2971,7 +2972,18 @@ const ext4_direntry *ext4_dir_entry_next(ext4_dir *d)
 goto Finish;
 }
- memcpy(&d->de, it.curr, sizeof(ext4_direntry));
+ memset(&d->de.name, 0, sizeof(d->de.name));
+ name_length = ext4_dir_en_get_name_len(&d->f.mp->fs.sb,
+ it.curr);
+ memcpy(&d->de.name, it.curr->name, name_length);
+
+ /* Directly copying the content isn't safe for Big-endian targets*/
+ d->de.inode = ext4_dir_en_get_inode(it.curr);
+ d->de.entry_length = ext4_dir_en_get_entry_len(it.curr);
+ d->de.name_length = name_length;
+ d->de.inode_type = ext4_dir_en_get_inode_type(&d->f.mp->fs.sb,
+ it.curr);
+
 de = &d->de;
 ext4_dir_iterator_next(&it);
-- 
2.30.2
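Review bot: Making `name` a flexible array member shrinks `sizeof(struct ext4_dir_en)` to the fixed header, so any other code in the tree that still uses that `sizeof` as a copy length or as a minimum entry-length bound silently changes meaning; the `memcpy(&d->de, it.curr, sizeof(ext4_direntry))` removed in src/ext4.c was one such user, and a grep for remaining `sizeof(struct ext4_dir_en)` / `sizeof(*it.curr)` users before merge would confirm there are no others. The new `memset(&d->de.name, 0, sizeof(d->de.name))` in the same patch also shows that `ext4_direntry` still carries a fixed-size name array, so the two types are no longer layout-equivalent and must not be copied into each other by value. Both facts deserve a line on the declaration, e.g. `/* Overlays an on-disk entry; name runs for the accessor-derived length, so never copy by value or use sizeof as a bound */`. `struct ext4_dir_en` itself begins before this hunk.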
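Review bot: `name_length` comes straight from the on-disk entry via `ext4_dir_en_get_name_len()` and is declared 16 bits wide, but the `memcpy(&d->de.name, it.curr->name, name_length)` that follows is bounded only by that value and never by `sizeof(d->de.name)`, so a corrupt or crafted directory block whose name length exceeds the cached array overflows `d->de` instead of the over-read this commit set out to fix. Unless the iterator has already checked name length against the entry length (not visible here), the same value also drives the source read past `it.curr`. I would reject the entry before the copy using the error path the hunk already uses, placing `if (name_length > sizeof(d->de.name)) goto Finish;` directly after the `name_length =` assignment, or clamp it if silent truncation is the intended policy. Relatedly, `d->de.name_length = name_length;` narrows a `uint16_t` into what looks like an 8-bit field, so a caller could see a smaller length than the number of bytes copied; confirm the field width. `ext4_dir_entry_next` begins and ends outside this hunk.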