xfs_db: validate btree block magic in the freesp command

Occasionally I've hit a SEGV while querying free space in xfs_db on a
mounted file system. In scanfunc_bno, block->bb_numrecs has crazy values.
And bb_magic is not XFS_ABTB_MAGIC.

Check for the correct magic number first, and return otherwise.

Signed-off-by: Peter Watkins <treestem@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>

diff --git a/db/freesp.c b/db/freesp.c
index e1902c6ac1f3d17a5a993c99c9e5c21ce5c4f52f..c4dabad165909e844d32b3ec8ed4ea32fe380a26 100644 (file)
--- a/db/freesp.c
+++ b/db/freesp.c
@@ -286,6 +286,9 @@ scanfunc_bno(
        xfs_alloc_ptr_t         *pp;
        xfs_alloc_rec_t         *rp;
 
+       if (be32_to_cpu(block->bb_magic) != XFS_ABTB_MAGIC)
+               return;
+
        if (level == 0) {
                rp = XFS_ALLOC_REC_ADDR(mp, block, 1);
                for (i = 0; i < be16_to_cpu(block->bb_numrecs); i++)
@@ -310,6 +313,9 @@ scanfunc_cnt(
        xfs_alloc_ptr_t         *pp;
        xfs_alloc_rec_t         *rp;
 
+       if (be32_to_cpu(block->bb_magic) != XFS_ABTC_MAGIC)
+               return;
+
        if (level == 0) {
                rp = XFS_ALLOC_REC_ADDR(mp, block, 1);
                for (i = 0; i < be16_to_cpu(block->bb_numrecs); i++)