[BUG?] There is a possibility that 'i_ino' overflows
diff mbox

Message ID 4D0EB953.2010106@jp.fujitsu.com
State New, archived
Headers show

Commit Message

Tsutomu Itoh Dec. 20, 2010, 2:02 a.m. UTC
None

Patch
diff mbox

diff -urNp linux-2.6.37-rc6/fs/btrfs/inode.c linux-2.6.37-rc6.new/fs/btrfs/inode.c
--- linux-2.6.37-rc6/fs/btrfs/inode.c   2010-12-16 10:24:48.000000000 +0900
+++ linux-2.6.37-rc6.new/fs/btrfs/inode.c       2010-12-20 09:04:18.000000000 +0900
@@ -4529,6 +4529,10 @@  static struct inode *btrfs_new_inode(str
 
 	inode_init_owner(inode, dir, mode);
 	inode->i_ino = objectid;
+	if (unlikely(inode->i_ino > (unsigned long)BTRFS_LAST_FREE_OBJECTID)) {
+		ret = -ENOSPC;
+		goto fail;
+	}
 	inode_set_bytes(inode, 0);
 	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
 	inode_item = btrfs_item_ptr(path->nodes[0], path->slots[0],