xfs_repair: initialize realloced bplist in longform_dir2_entry_check

If we need to realloc the bplist[] array holding buffers for a given
directory, we don't initialize the new slots.  This causes a problem
if the directory has holes, because those slots never get filled in.

At the end of the function we call libxfs_putbuf for every non-null
slot, and any uninitialized slots are segfault landmines.

Make sure we initialize all new slots to NULL for this reason.

Reported-by: Oleg Davydov <burunduk3@gmail.com>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>

diff --git a/repair/phase6.c b/repair/phase6.c
index e017326951f59c05e01d0f1ad31dac1dbd62dcdc..dc1cf8b9d4bbf3caade02d84f18326f66a02aab4 100644 (file)
--- a/repair/phase6.c
+++ b/repair/phase6.c
@@ -2335,6 +2335,8 @@ longform_dir2_entry_check(xfs_mount_t     *mp,
 
                db = xfs_dir2_da_to_db(mp->m_dir_geo, da_bno);
                if (db >= num_bps) {
+                       int last_size = num_bps;
+
                        /* more data blocks than expected */
                        num_bps = db + 1;
                        bplist = realloc(bplist, num_bps * sizeof(struct xfs_buf*));
@@ -2342,6 +2344,9 @@ longform_dir2_entry_check(xfs_mount_t     *mp,
                                do_error(_("realloc failed in %s (%zu bytes)\n"),
                                        __func__,
                                        num_bps * sizeof(struct xfs_buf*));
+                       /* Initialize the new elements */
+                       for (i = last_size; i < num_bps; i++)
+                               bplist[i] = NULL;
                }
 
                if (isblock)