From patchwork Wed Jun 17 23:59:13 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robert Marklund X-Patchwork-Id: 6632091
From: Robert Marklund To: linux-btrfs@vger.kernel.org Cc: Robert Marklund Subject: [PATCH] check: check so offset is not bigger then the leaf Date: Thu, 18 Jun 2015 01:59:13 +0200 Message-Id: <1434585553-8697-1-git-send-email-robbelibobban@gmail.com> X-Mailer: git-send-email 2.1.0 X-CMAE-Envelope: MS4wfEapbeLoHkF3tPMmMSuPI5HqlhaE1WLfg/TgkwwEXIGdHzogCkLsV0CgDhRlSSKJUWKONTD3zwfDiwAqv78C74m1YPzR6cVvShf0HCURmXxuuVWMzMxsQdc1Wi2R5RfMlIex2kCiL6qAT0AoDSVJxrPoZY0OY/bbm1wxOjBPmLQxqmjVI302OEuH/XVbq0w8HOrQuP6mgY8Mcd8FfNF3PGFJ4heEwOzh4xp9zPi/oycO Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, FREEMAIL_FROM,RCVD_IN_DNSWL_HI,RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This could crash before because of dangerous dangling offset of pointer. Signed-off-by: Robert Marklund --- cmds-check.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/cmds-check.c b/cmds-check.c index 778f141..da36758 100644 --- a/cmds-check.c +++ b/cmds-check.c @@ -8906,6 +8906,16 @@ static int build_roots_info_cache(struct btrfs_fs_info *info) goto next; ei = btrfs_item_ptr(leaf, slot, struct btrfs_extent_item); + + if ((long long)ei > info->extent_root->leafsize) { + fprintf(stderr, "Bad leaf = %p, slot = %d\n", leaf, slot); + fprintf(stderr, "item ptr = %p\n", ei); + fprintf(stderr, "objectid = %llx\n", found_key.objectid); + fprintf(stderr, "type = %x\n", found_key.type); + fprintf(stderr, "offset = %llx\n", found_key.offset); + goto next; + } + flags = btrfs_extent_flags(leaf, ei); if (found_key.type == BTRFS_EXTENT_ITEM_KEY &&
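Review bot: the new bound in build_roots_info_cache() tests only where the item starts. `(long long)ei > info->extent_root->leafsize` still accepts an item that begins inside the leaf but whose struct btrfs_extent_item extends past the end, and the btrfs_extent_flags(leaf, ei) call right after the check then reads from it. Compare the end of the item instead (ei plus sizeof(struct btrfs_extent_item) against leafsize), and do the comparison in an unsigned type such as unsigned long, since with the signed cast a value with the top bit set can compare as negative and slip through. Separately, `goto next` skips the bad item and carries on as if nothing happened; because this is the check command, consider recording an error for the caller rather than only printing to stderr. A one-line comment saying that ei is treated as an offset into the leaf here would also make the cast less surprising to the next reader.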