From: Eric Sandeen Date: Tue, 30 Oct 2018 21:51:55 +0000 (-0500) Subject: xfs_repair: initialize realloced bplist in longform_dir2_entry_check X-Git-Tag: v4.19.0-rc1~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1624c340a53012b4afd1194d990890c140e3fb66;p=thirdparty%2Fxfsprogs-dev.git xfs_repair: initialize realloced bplist in longform_dir2_entry_check If we need to realloc the bplist[] array holding buffers for a given directory, we don't initialize the new slots. This causes a problem if the directory has holes, because those slots never get filled in. At the end of the function we call libxfs_putbuf for every non-null slot, and any uninitialized slots are segfault landmines. Make sure we initialize all new slots to NULL for this reason. Reported-by: Oleg Davydov Signed-off-by: Eric Sandeen Reviewed-by: Darrick J. Wong Signed-off-by: Eric Sandeen --- diff --git a/repair/phase6.c b/repair/phase6.c index e01732695..dc1cf8b9d 100644 --- a/repair/phase6.c +++ b/repair/phase6.c @@ -2335,6 +2335,8 @@ longform_dir2_entry_check(xfs_mount_t *mp, db = xfs_dir2_da_to_db(mp->m_dir_geo, da_bno); if (db >= num_bps) { + int last_size = num_bps; + /* more data blocks than expected */ num_bps = db + 1; bplist = realloc(bplist, num_bps * sizeof(struct xfs_buf*)); @@ -2342,6 +2344,9 @@ longform_dir2_entry_check(xfs_mount_t *mp, do_error(_("realloc failed in %s (%zu bytes)\n"), __func__, num_bps * sizeof(struct xfs_buf*)); + /* Initialize the new elements */ + for (i = last_size; i < num_bps; i++) + bplist[i] = NULL; } if (isblock)
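Review bot: In the first hunk (@@ -2335,6 +2335,8 @@), `int last_size = num_bps;` is the only declaration added, yet the loop in the second hunk is indexed by `i`, which neither hunk declares. It is therefore a variable from the enclosing function scope that this block now overwrites. Please confirm that nothing outside the `if (db >= num_bps)` block relies on the value of `i` across this point, or declare a dedicated index next to `last_size` so the block is self-contained. A name such as `old_num_bps` would also make it clearer that the variable holds the element count before the realloc rather than a byte size.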
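Review bot: In the second hunk (@@ -2342,6 +2344,9 @@), the comment `/* Initialize the new elements */` says what the loop does but not why it is needed. The reason is only in the commit message: directories with holes leave slots unfilled, and the end of the function calls libxfs_putbuf on every non-null slot. Putting that into the comment would keep a later cleanup from dropping the loop as redundant. The loop also sits directly after the `do_error(...)` call on the realloc failure path and writes through `bplist`, so it depends on do_error() not returning; a short note to that effect, or an explicit else branch, would make the dependency visible. As a style alternative, a single memset over `&bplist[last_size]` for `(num_bps - last_size) * sizeof(struct xfs_buf*)` bytes would avoid the need for a loop index.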