[v3,5/9] btrfs: Check name_len in btrfs_check_ref_name_override
diff mbox

Message ID 20170606095708.494-6-suy.fnst@cn.fujitsu.com
State New
Headers show

Commit Message

Su Yue June 6, 2017, 9:57 a.m. UTC
In 'btrfs_log_inode', 'btrfs_search_forward' gets the buffer and then
'btrfs_check_ref_name_override' will read name from inode_ref/inode_extref
for the first time.

Call 'btrfs_is_name_len_valid' before reading name.

Signed-off-by: Su Yue <suy.fnst@cn.fujitsu.com>
---
 fs/btrfs/tree-log.c | 6 ++++++
 1 file changed, 6 insertions(+)

Patch
diff mbox

diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index 06c7ceb07282..f20ef211a73d 100644
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -4562,6 +4562,12 @@  static int btrfs_check_ref_name_override(struct extent_buffer *eb,
 			this_len = sizeof(*extref) + this_name_len;
 		}
 
+		ret = btrfs_is_name_len_valid(eb, slot, name_ptr,
+					      this_name_len);
+		if (!ret) {
+			ret = -EIO;
+			goto out;
+		}
 		if (this_name_len > name_len) {
 			char *new_name;