If an agf has bad values in the freelist, this can wreak
havoc if, for example, first > last and the loop
never exits; we index agfl->agfl_bno[i] off into the weeds.
If they're off, warn about it and skip the scan.
This is done both in xfs_check and xfs_db's freespace cmd.
Also fix uninit'd variable "i" from previous, similar fix
for xfs_repair.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Rich Johnston <rjohnston@sgi.com>
return;
}
i = be32_to_cpu(agf->agf_flfirst);
+
+ /* verify agf values before proceeding */
+ if (be32_to_cpu(agf->agf_flfirst) >= XFS_AGFL_SIZE(mp) ||
+ be32_to_cpu(agf->agf_fllast) >= XFS_AGFL_SIZE(mp)) {
+ dbprintf(_("agf %d freelist blocks bad, skipping "
+ "freelist scan\n"), i);
+ pop_cur();
+ return;
+ }
+
count = 0;
for (;;) {
bno = be32_to_cpu(agfl->agfl_bno[i]);
XFS_FSS_TO_BB(mp, 1), DB_RING_IGN, NULL);
agfl = iocur_top->data;
i = be32_to_cpu(agf->agf_flfirst);
+
+ /* verify agf values before proceeding */
+ if (be32_to_cpu(agf->agf_flfirst) >= XFS_AGFL_SIZE(mp) ||
+ be32_to_cpu(agf->agf_fllast) >= XFS_AGFL_SIZE(mp)) {
+ dbprintf(_("agf %d freelist blocks bad, skipping "
+ "freelist scan\n"), i);
+ pop_cur();
+ return;
+ }
+
for (;;) {
bno = be32_to_cpu(agfl->agfl_bno[i]);
addtohist(seqno, bno, 1);
return;
}
agfl = XFS_BUF_TO_AGFL(agflbuf);
+ i = be32_to_cpu(agf->agf_flfirst);
if (no_modify) {
/* agf values not fixed in verify_set_agf, so recheck */
} else /* should have been fixed in verify_set_agf() */
ASSERT(0);
- i = be32_to_cpu(agf->agf_flfirst);
count = 0;
for (;;) {
bno = be32_to_cpu(agfl->agfl_bno[i]);
projects / thirdparty / xfsprogs-dev.git / commitdiff
