Re: [PATCH] xfs: fix the problem that the array may be out of bound

From: Darrick J. Wong
Date: Tue Jan 11 2022 - 14:32:18 EST


On Fri, Nov 19, 2021 at 04:17:58PM +0800, zhangyue wrote:
> In function 'xfs_btree_delrec()', if all data in array
> 'cur->bc_ptrs[level]' is 0, the 'level' may be greater than
> or equal to 'XFS_BTREE_MAXLEVELS'.
>
> At this time, the array may be out of bound.
>
> Signed-off-by: zhangyue <zhangyue1@xxxxxxxxxx>

I /think/ this is no longer necessary since XFS_BTREE_MAXLEVELS went
away in 5.16, but if you disagree, please resend.

--D

> ---
> fs/xfs/libxfs/xfs_btree.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c
> index bbdae2b4559f..fe66d1adc169 100644
> --- a/fs/xfs/libxfs/xfs_btree.c
> +++ b/fs/xfs/libxfs/xfs_btree.c
> @@ -3694,6 +3694,9 @@ xfs_btree_delrec(
> tcur = NULL;
>
> /* Get the index of the entry being deleted, check for nothing there. */
> + if (level >= XFS_BTREE_MAXLEVELS)
> + return -EFSCORRUPTED;
> +
> ptr = cur->bc_ptrs[level];
> if (ptr == 0) {
> *stat = 0;
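Review bot: The new `if (level >= XFS_BTREE_MAXLEVELS)` check sits between the comment "Get the index of the entry being deleted, check for nothing there." and the `ptr = cur->bc_ptrs[level];` line that comment describes, so the comment now reads as if it documents the bounds check. Move the check above the comment and give it its own one-line comment saying why `level` can be out of range at this point. The commit message says this happens when all of `cur->bc_ptrs[level]` is 0, but nothing in this hunk shows how `level` advances to that value; naming the caller or loop that produces it would let a reviewer judge whether rejecting it here is the right place, or whether the value should be stopped where it is computed. Note also that the early return leaves `*stat` unassigned, while the `ptr == 0` path directly below sets `*stat = 0`; confirm callers never read `*stat` when an error is returned. Per the reply above, `XFS_BTREE_MAXLEVELS` is gone as of 5.16, so a resend would have to be rebased onto whatever bound replaced it.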
> --
> 2.30.0
>