If we encounter a directory with an entry that points to inode zero,
we'll crash due to an ASSERT during process_inode_chunk. This is due to
process_dir2_data not arranging for phase 6 to fix the parent pointer
when '..' -> 0, so do that. Found via xfs/386 fuzzing bu[1].inumber to
zero.
[sandeen: change "parent pointer" to parent directory for clarity]
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
#define xfs_bmbt_get_all libxfs_bmbt_get_all
#define xfs_rtfree_extent libxfs_rtfree_extent
#define xfs_verify_rtbno libxfs_verify_rtbno
+#define xfs_verify_ino libxfs_verify_ino
#define xfs_zero_extent libxfs_zero_extent
#define xfs_defer_init libxfs_defer_init
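Review bot: the new xfs_verify_ino alias added to this define list is not mentioned in the commit message, and the only use visible in this patch is the libxfs_verify_ino() call in the repair hunk. A short line in the changelog saying the inode-number verifier is being exported for xfs_repair would make that dependency clear to anyone backporting the fix on its own.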
}
*parent = ino;
}
+ /*
+ * Make sure our parent directory doesn't point
+ * off into space.
+ */
+ if (!junkit &&
+ *parent != NULLFSINO &&
+ !libxfs_verify_ino(mp, *parent)) {
+ do_warn(
+_("bad .. entry in directory inode %" PRIu64 ", was %" PRIu64 ": "),
+ ino, *parent);
+ if (!no_modify) {
+ do_warn(_("correcting\n"));
+ } else {
+ do_warn(_("would correct\n"));
+ }
+ *parent = NULLFSINO;
+ }
}
/*
* Can't fix the directory unless we know which ..
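Review bot: the `*parent = NULLFSINO;` assignment at the end of the new block sits outside the `if (!no_modify)` test, so in no_modify mode the in-memory parent is still cleared right after "would correct" is printed. If that is intended, so that later code treats the parent as unknown instead of following a bad inode number, the block comment should say so explicitly; if not, the assignment belongs under `if (!no_modify)`. As a smaller style point, the if/else around the two single do_warn() calls does not need braces.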