From patchwork Wed Oct 10 14:50:47 2012
X-Patchwork-Submitter: Gabriel de Perthuis
X-Patchwork-Id: 1574101
From: Gabriel de Perthuis
To: linux-btrfs@vger.kernel.org
Cc: Gabriel de Perthuis
Subject: [PATCH] Fix a sign bug causing invalid memory access in the ino_paths ioctl.
Date: Wed, 10 Oct 2012 16:50:47 +0200
Message-Id: <1349880647-30358-1-git-send-email-g2p.code@gmail.com>
X-Mailing-List: linux-btrfs@vger.kernel.org

To see the problem, create many hardlinks to the same file
(120 should do it), then look up paths by inode with:

  ls -i
  btrfs inspect inode-resolve -v $ino /mnt/btrfs

I noticed the memory layout of the fspath->val data had some
irregularities (some unnecessary gaps that stop appearing about
halfway), so I'm not sure there aren't any bugs left in it.
---
 fs/btrfs/backref.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index 868cf5b..29d05c6 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -1131,7 +1131,7 @@ char *btrfs_iref_to_path(struct btrfs_root *fs_root, struct btrfs_path *path, int slot; u64 next_inum; int ret; - s64 bytes_left = size - 1; + s64 bytes_left = ((s64)size) - 1; struct extent_buffer *eb = eb_in; struct btrfs_key found_key; int leave_spinning = path->leave_spinning;
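Review bot: On the changed bytes_left initializer, the commit message gives a reproducer but never states the root cause, and the declaration of size is outside the visible context, so the fix cannot be checked from the patch alone. The cast only changes the result if size is an unsigned type narrower than 64 bits and a caller can pass 0, in which case "size - 1" wraps to a large positive value before it is widened to s64 and bytes_left never goes negative; please say that in the changelog and name the type of size. The outer parentheses in "((s64)size) - 1" are redundant, "(s64)size - 1" reads the same. The mail as shown also carries no Signed-off-by line, which is needed before the patch can be applied.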