From: Eric Sandeen Date: Thu, 12 Sep 2013 20:56:36 +0000 (+0000) Subject: xfs_repair: test for bad level in dir2 node X-Git-Tag: v3.2.0-alpha2~54 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=44dae5e;p=thirdparty%2Fxfsprogs-dev.git xfs_repair: test for bad level in dir2 node In traverse_int_dir2block(), the variable 'i' is the level in the tree, with 0 being a leaf node. In the "do" loop we start at the root, and work our way down to a leaf. If the first node we read is an interior node with NODE_MAGIC, but it tells us that its level is 0 (a leaf), this is clearly an inconsistency. Worse, we'd return with success, bno set, and only level[0] in the cursor initialized. Then down this path we'll segfault when accessing an uninitialized (and zeroed) member of the cursor's level array: process_node_dir2 traverse_int_dir2block // returns 0 w/ bno set, only level[0] init'd process_leaf_level_dir2 verify_dir2_path(mp, da_cursor, 0) // p_level == 0 this_level = p_level + 1; node = cursor->level[this_level].bp->b_addr; // level[1] uninit & 0'd Fix this by recognizing that an interior node w/ level 0 is invalid, and error out as for other inconsistencies. By the time the level 0 test is done, we have already ensured that this block has XFS_DA[3]_NODE_MAGIC. Reported-by: Jan Yves Brueckner Signed-off-by: Eric Sandeen Reviewed-by: Mark Tinguely Signed-off-by: Rich Johnston --- diff --git a/repair/dir2.c b/repair/dir2.c index d931d1dc9..3aabcaa1b 100644 --- a/repair/dir2.c +++ b/repair/dir2.c @@ -220,7 +220,7 @@ _("bad record count in inode %" PRIu64 ", count = %d, max = %d\n"), */ if (i == -1) { i = da_cursor->active = nodehdr.level; - if (i >= XFS_DA_NODE_MAXDEPTH) { + if (i < 1 || i >= XFS_DA_NODE_MAXDEPTH) { do_warn( _("bad header depth for directory inode %" PRIu64 "\n"), da_cursor->ino);