From patchwork Thu Oct 7 09:28:44 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Beulich X-Patchwork-Id: 237911 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id o979SqwF004916 for ; Thu, 7 Oct 2010 09:28:52 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1760126Ab0JGJ2s (ORCPT ); Thu, 7 Oct 2010 05:28:48 -0400 Received: from vpn.id2.novell.com ([195.33.99.129]:42382 "EHLO vpn.id2.novell.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753695Ab0JGJ2r convert rfc822-to-8bit (ORCPT ); Thu, 7 Oct 2010 05:28:47 -0400 Received: from EMEA1-MTA by vpn.id2.novell.com with Novell_GroupWise; Thu, 07 Oct 2010 11:21:05 +0100 Message-Id: <4CADAEEC020000780001B32C@vpn.id2.novell.com> X-Mailer: Novell GroupWise Internet Agent 8.0.1 Date: Thu, 07 Oct 2010 10:28:44 +0100 From: "Jan Beulich" To: "Chris Mason" Cc: Subject: [PATCH] fix (latent?) memory corruption in btrfs_encode_fh() Mime-Version: 1.0 Content-Disposition: inline Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter1.kernel.org [140.211.167.41]); Thu, 07 Oct 2010 09:28:53 +0000 (UTC) --- linux-2.6.36-rc7/fs/btrfs/export.c +++ 2.6.36-rc7-btrfs-encode-fh/fs/btrfs/export.c @@ -46,6 +46,8 @@ static int btrfs_encode_fh(struct dentry spin_unlock(&dentry->d_lock); if (parent_root_id != fid->root_objectid) { + if (*max_len < BTRFS_FID_SIZE_CONNECTABLE_ROOT) + return 255; fid->parent_root_objectid = parent_root_id; len = BTRFS_FID_SIZE_CONNECTABLE_ROOT; type = FILEID_BTRFS_WITH_PARENT_ROOT;