]> git.ipfire.org Git - thirdparty/xfsprogs-dev.git/commitdiff
projects / thirdparty / xfsprogs-dev.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: eaecd1c)
xfs_repair: catch bad depth in traverse_int_dir2block
authorEric Sandeen <sandeen@sandeen.net>
Mon, 8 Jun 2009 21:39:32 +0000 (16:39 -0500)
committerEric Sandeen <sandeen@sandeen.net>
Mon, 8 Jun 2009 21:39:32 +0000 (16:39 -0500)
A bad on-disk tree depth in traverse_int_dir2block() can
later cause a segfault when it's used as an array index in
this function; if we get something beyond the max depth,
just error out and the dir will get rebuilt.

Reported-by: Richard Kolkovich <richard@intrameta.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Reviewed-by: Christoph Hellwig <hch@lst.de>
repair/dir2.c patch | blob | blame | history

diff --git a/repair/dir2.c b/repair/dir2.c
index 9575fb1c90ae962be5dfb5f8da32d0da778f88cb..2723e3b9291b41666cbb6bc54120947123f54232 100644 (file)
--- a/repair/dir2.c
+++ b/repair/dir2.c
@@ -339,9 +339,17 @@ traverse_int_dir2block(xfs_mount_t *mp,
                /*
                 * maintain level counter
                 */
-               if (i == -1)
+               if (i == -1) {
                        i = da_cursor->active = be16_to_cpu(node->hdr.level);
-               else  {
+                       if (i >= XFS_DA_NODE_MAXDEPTH) {
+                               do_warn(_("bad header depth for directory "
+                                         "inode %llu\n"),
+                                       da_cursor->ino);
+                               da_brelse(bp);
+                               i = -1;
+                               goto error_out;
+                       }
+               } else {
                        if (be16_to_cpu(node->hdr.level) == i - 1)  {
                                i--;
                        } else  {
Unnamed repository; edit this file 'description' to name the repository.