From: Eric Sandeen Date: Mon, 28 May 2012 02:13:39 +0000 (-0400) Subject: libext2fs: fix rbtree backend for extent lengths greater than 2^32 X-Git-Tag: v1.42.4~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=918eeb32e9bd1d053bafc9d3c70ef420c21eeda9;p=thirdparty%2Fe2fsprogs.git libext2fs: fix rbtree backend for extent lengths greater than 2^32 For a completely full filesystem with more than 2^32 blocks, the rbtree bitmap backend can assemble an extent of used blocks which is longer than 2^32. If it does, it will overflow ->count, and corrupt the rbtree for the bitmaps. Discovered by completely filling a 32T filesystem using fallocate, and then observing debugfs, dumpe2fs, and e2fsck all behaving badly. (Note that filling with only 31 x 1T files did not show the problem, because freespace was fragmented enough that there was no sufficiently long range of used blocks.) Reviewed-by: Andreas Dilger Signed-off-by: Eric Sandeen Signed-off-by: Theodore Ts'o --- diff --git a/lib/ext2fs/blkmap64_rb.c b/lib/ext2fs/blkmap64_rb.c index 7ab72f4a0..a83f8acf2 100644 --- a/lib/ext2fs/blkmap64_rb.c +++ b/lib/ext2fs/blkmap64_rb.c @@ -33,7 +33,7 @@ struct bmap_rb_extent { struct rb_node node; __u64 start; - __u32 count; + __u64 count; }; struct ext2fs_rb_private {