From: Peter Watkins <treestem@gmail.com>
Date: Fri, 9 Jul 2010 16:17:10 +0000 (-0700)
Subject: xfs_db: validate btree block magic in the freesp command
X-Git-Tag: v3.1.3~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65b04d8cf71ee5ddd8d7bf50535159206f7e233e;p=thirdparty%2Fxfsprogs-dev.git

xfs_db: validate btree block magic in the freesp command

Occasionally I've hit a SEGV while querying free space in xfs_db on a
mounted file system. In scanfunc_bno, block->bb_numrecs has crazy values.
And bb_magic is not XFS_ABTB_MAGIC.

Check for the correct magic number first, and return otherwise.

Signed-off-by: Peter Watkins <treestem@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
---

diff --git a/db/freesp.c b/db/freesp.c
index e1902c6ac..c4dabad16 100644
--- a/db/freesp.c
+++ b/db/freesp.c
@@ -286,6 +286,9 @@ scanfunc_bno(
 	xfs_alloc_ptr_t		*pp;
 	xfs_alloc_rec_t		*rp;
 
+	if (be32_to_cpu(block->bb_magic) != XFS_ABTB_MAGIC)
+		return;
+
 	if (level == 0) {
 		rp = XFS_ALLOC_REC_ADDR(mp, block, 1);
 		for (i = 0; i < be16_to_cpu(block->bb_numrecs); i++)
@@ -310,6 +313,9 @@ scanfunc_cnt(
 	xfs_alloc_ptr_t		*pp;
 	xfs_alloc_rec_t		*rp;
 
+	if (be32_to_cpu(block->bb_magic) != XFS_ABTC_MAGIC)
+		return;
+
 	if (level == 0) {
 		rp = XFS_ALLOC_REC_ADDR(mp, block, 1);
 		for (i = 0; i < be16_to_cpu(block->bb_numrecs); i++)