diff mbox

fix (latent?) memory corruption in btrfs_encode_fh()

Message ID 4CADAEEC020000780001B32C@vpn.id2.novell.com
State New, archived
Headers show

Commit Message

Jan Beulich Oct. 7, 2010, 9:28 a.m. UTC
None
diff mbox

Patch

--- linux-2.6.36-rc7/fs/btrfs/export.c
+++ 2.6.36-rc7-btrfs-encode-fh/fs/btrfs/export.c
@@ -46,6 +46,8 @@  static int btrfs_encode_fh(struct dentry
 		spin_unlock(&dentry->d_lock);
 
 		if (parent_root_id != fid->root_objectid) {
+			if (*max_len < BTRFS_FID_SIZE_CONNECTABLE_ROOT)
+				return 255;
 			fid->parent_root_objectid = parent_root_id;
 			len = BTRFS_FID_SIZE_CONNECTABLE_ROOT;
 			type = FILEID_BTRFS_WITH_PARENT_ROOT;