@@ -775,6 +775,7 @@ xlog_recover_attri_commit_pass2(
size_t len;
const void *attr_newname = NULL;
unsigned int name_len = 0, newname_len = 0;
+ unsigned int value_len;
int op, i = 0;
/* Validate xfs_attri_log_format before the large memory allocation */
@@ -792,6 +793,7 @@ xlog_recover_attri_commit_pass2(
return -EFSCORRUPTED;
}
+ value_len = attri_formatp->alfi_value_len;
op = xfs_attr_log_item_op(attri_formatp);
switch (op) {
case XFS_ATTRI_OP_FLAGS_NVSET:
@@ -878,8 +880,8 @@ xlog_recover_attri_commit_pass2(
/* Validate the attr value, if present */
- if (attri_formatp->alfi_value_len != 0) {
- if (item->ri_buf[i].i_len != xlog_calc_iovec_len(attri_formatp->alfi_value_len)) {
+ if (value_len != 0) {
+ if (item->ri_buf[i].i_len != xlog_calc_iovec_len(value_len)) {
XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
attri_formatp, len);
return -EFSCORRUPTED;
@@ -902,7 +904,7 @@ xlog_recover_attri_commit_pass2(
switch (op) {
case XFS_ATTRI_OP_FLAGS_REMOVE:
/* Regular remove operations operate only on names. */
- if (attr_value != NULL || attri_formatp->alfi_value_len != 0) {
+ if (attr_value != NULL || value_len != 0) {
XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
attri_formatp, len);
return -EFSCORRUPTED;
@@ -950,8 +952,7 @@ xlog_recover_attri_commit_pass2(
* reference.
*/
nv = xfs_attri_log_nameval_alloc(attr_name, name_len, attr_newname,
- newname_len, attr_value,
- attri_formatp->alfi_value_len);
+ newname_len, attr_value, value_len);
attrip = xfs_attri_init(mp, nv);
memcpy(&attrip->attri_format, attri_formatp, len);