* [PATCH] xfs: fix the problem that the array may be out of bound
@ 2021-11-19 8:17 zhangyue
2022-01-11 19:32 ` Darrick J. Wong
0 siblings, 1 reply; 2+ messages in thread
From: zhangyue @ 2021-11-19 8:17 UTC (permalink / raw)
To: darrick.wong, linux-xfs; +Cc: linux-kernel
In function 'xfs_btree_delrec()', if all data in array
'cur->bc_ptrs[level]' is 0, the 'level' may be greater than
or equal to 'XFS_BTREE_MAXLEVELS'.
At this time, the array may be out of bound.
Signed-off-by: zhangyue <zhangyue1@kylinos.cn>
---
fs/xfs/libxfs/xfs_btree.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c
index bbdae2b4559f..fe66d1adc169 100644
--- a/fs/xfs/libxfs/xfs_btree.c
+++ b/fs/xfs/libxfs/xfs_btree.c
@@ -3694,6 +3694,9 @@ xfs_btree_delrec(
tcur = NULL;
/* Get the index of the entry being deleted, check for nothing there. */
+ if (level >= XFS_BTREE_MAXLEVELS)
+ return -EFSCORRUPTED;
+
ptr = cur->bc_ptrs[level];
if (ptr == 0) {
*stat = 0;
--
2.30.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] xfs: fix the problem that the array may be out of bound
2021-11-19 8:17 [PATCH] xfs: fix the problem that the array may be out of bound zhangyue
@ 2022-01-11 19:32 ` Darrick J. Wong
0 siblings, 0 replies; 2+ messages in thread
From: Darrick J. Wong @ 2022-01-11 19:32 UTC (permalink / raw)
To: zhangyue; +Cc: linux-xfs, linux-kernel
On Fri, Nov 19, 2021 at 04:17:58PM +0800, zhangyue wrote:
> In function 'xfs_btree_delrec()', if all data in array
> 'cur->bc_ptrs[level]' is 0, the 'level' may be greater than
> or equal to 'XFS_BTREE_MAXLEVELS'.
>
> At this time, the array may be out of bound.
>
> Signed-off-by: zhangyue <zhangyue1@kylinos.cn>
I /think/ this is no longer necessary since XFS_BTREE_MAXLEVELS went
away in 5.16, but if you disagree, please resend.
--D
> ---
> fs/xfs/libxfs/xfs_btree.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c
> index bbdae2b4559f..fe66d1adc169 100644
> --- a/fs/xfs/libxfs/xfs_btree.c
> +++ b/fs/xfs/libxfs/xfs_btree.c
> @@ -3694,6 +3694,9 @@ xfs_btree_delrec(
> tcur = NULL;
>
> /* Get the index of the entry being deleted, check for nothing there. */
> + if (level >= XFS_BTREE_MAXLEVELS)
> + return -EFSCORRUPTED;
> +
> ptr = cur->bc_ptrs[level];
> if (ptr == 0) {
> *stat = 0;
> --
> 2.30.0
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-01-11 19:32 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-19 8:17 [PATCH] xfs: fix the problem that the array may be out of bound zhangyue
2022-01-11 19:32 ` Darrick J. Wong
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).