From 65b04d8cf71ee5ddd8d7bf50535159206f7e233e Mon Sep 17 00:00:00 2001
From: Peter Watkins <treestem@gmail.com>
Date: Fri, 9 Jul 2010 09:17:10 -0700
Subject: [PATCH] xfs_db: validate btree block magic in the freesp command

Occasionally I've hit a SEGV while querying free space in xfs_db on a
mounted file system. In scanfunc_bno, block->bb_numrecs has crazy values.
And bb_magic is not XFS_ABTB_MAGIC.

Check for the correct magic number first, and return otherwise.

Signed-off-by: Peter Watkins <treestem@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
---
 db/freesp.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/db/freesp.c b/db/freesp.c
index e1902c6ac..c4dabad16 100644
--- a/db/freesp.c
+++ b/db/freesp.c
@@ -286,6 +286,9 @@ scanfunc_bno(
 	xfs_alloc_ptr_t		*pp;
 	xfs_alloc_rec_t		*rp;
 
+	if (be32_to_cpu(block->bb_magic) != XFS_ABTB_MAGIC)
+		return;
+
 	if (level == 0) {
 		rp = XFS_ALLOC_REC_ADDR(mp, block, 1);
 		for (i = 0; i < be16_to_cpu(block->bb_numrecs); i++)
@@ -310,6 +313,9 @@ scanfunc_cnt(
 	xfs_alloc_ptr_t		*pp;
 	xfs_alloc_rec_t		*rp;
 
+	if (be32_to_cpu(block->bb_magic) != XFS_ABTC_MAGIC)
+		return;
+
 	if (level == 0) {
 		rp = XFS_ALLOC_REC_ADDR(mp, block, 1);
 		for (i = 0; i < be16_to_cpu(block->bb_numrecs); i++)
-- 
2.47.2