From 368fc35adf01677d4ca07c276fb58f4382fcf101 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Axel=20D=C3=B6rfler?=
Date: Thu, 13 Aug 2009 16:49:53 +0000
Subject: [PATCH] * Also have the uppper limit check in the assert.

git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@32323 a95241bf-73f2-0310-859d-f6bbb57e9c96
---
 src/system/kernel/fs/vfs.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/system/kernel/fs/vfs.cpp b/src/system/kernel/fs/vfs.cpp
index dbf892812e..424739b52a 100644
--- a/src/system/kernel/fs/vfs.cpp
+++ b/src/system/kernel/fs/vfs.cpp
@@ -5561,9 +5561,11 @@ fix_dirent(struct vnode* parent, struct dirent* userEntry,
 if (user_memcpy(entry, userEntry, sizeof(struct dirent) - 1) != B_OK)
 return B_BAD_ADDRESS;

- ASSERT(entry->d_reclen >= sizeof(struct dirent));
+ ASSERT(entry->d_reclen >= sizeof(struct dirent)
+ && entry->d_reclen <= sizeof(buffer));

- // This hints to a problem in the file system implementation
+ // This hints to a problem in the file system implementation, but
+ // could also be caused by a malicious user application
 if (entry->d_reclen < sizeof(struct dirent)
 || entry->d_reclen > sizeof(buffer))
 return B_BAD_DATA;
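Review bot: The widened `ASSERT` evaluates `entry->d_reclen` right after `entry` was filled from `userEntry` by `user_memcpy`, so on this path the asserted value is user-controlled, which the updated comment itself acknowledges ("could also be caused by a malicious user application"). If `ASSERT` panics in debug-enabled kernels (presumably it does; its definition is not visible here), an unprivileged caller can halt such a kernel with a bad record length, even though the `if` directly below already rejects the same range with `B_BAD_DATA`. I would drop the assert on the userland-copy path and leave the runtime check as the only gate, with a comment such as `// d_reclen comes from userland here: validate and return B_BAD_DATA, never assert`. `fix_dirent` starts and ends outside the hunk, so whether a kernel-only branch exists where the assert would still be meaningful cannot be confirmed from here.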