From: Darrick J. Wong <djwong@alder.djwong.org>
Date: Sun, 23 Aug 2015 23:21:01 +0000 (+1000)
Subject: xfs_db: don't crash on a corrupt inode
X-Git-Tag: v4.2.0-rc3~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=603ab21edca73fa1a47515ead7f09a7d42490b3e;p=thirdparty%2Fxfsprogs-dev.git

xfs_db: don't crash on a corrupt inode

If the user selects a corrupt inode via the 'inode XXX' command, the
read verifier will fail and the io cursor at the top of the ring will
not have any data attached.  When this is the case, we cannot
dereference the NULL pointer or xfs_db will crash.  Therefore, check
the buffer pointer before using it.

It's arguable that we ought to retry the read without the verifiers
if the inode is corrupt or fails CRC, since this /is/ a debugging
tool, and maybe you wanted the contents anyway.

[dchinner: fixes xfs/003 on 1k block size failure]

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
---

diff --git a/db/inode.c b/db/inode.c
index e86dabdba..64b263bd1 100644
--- a/db/inode.c
+++ b/db/inode.c
@@ -682,6 +682,8 @@ set_cur_inode(
 	set_cur(&typtab[TYP_INODE], XFS_AGB_TO_DADDR(mp, agno, cluster_agbno),
 		numblks, DB_RING_IGN, NULL);
 	off_cur(offset << mp->m_sb.sb_inodelog, mp->m_sb.sb_inodesize);
+	if (!iocur_top->data)
+		return;
 	dip = iocur_top->data;
 	iocur_top->ino_buf = 1;
 	iocur_top->ino = ino;