xfs
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [PATCH] xfs_db: do bounds checking in frag's scanfunc_bmap

from [Christoph Hellwig] [Permanent Link][Original]
To: Eric Sandeen <sandeen@xxxxxxxxxxx>
Subject: Re: [PATCH] xfs_db: do bounds checking in frag's scanfunc_bmap
From: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Date: Fri, 31 Jul 2009 16:43:39 -0400
Cc: xfs mailing list <xfs@xxxxxxxxxxx>
In-reply-to: <4A708247.7040509@xxxxxxxxxxx>
References: <4A708247.7040509@xxxxxxxxxxx>
User-agent: Mutt/1.5.18 (2008-05-17) 
> @@ -437,15 +437,29 @@ scanfunc_bmap(
>       int                     i;
>       xfs_bmbt_ptr_t          *pp;
>       xfs_bmbt_rec_t          *rp;
> +     int                     nrecs;
> +
> +     nrecs = be16_to_cpu(block->bb_numrecs);
>  
>       if (level == 0) {
> +             if (nrecs > mp->m_bmap_dmxr[0]) {
> +                     dbprintf(_("invalid numrecs (%u) in %s block\n"),
> +                                nrecs, typtab[btype].name);
> +                     return;
> +             }
>               rp = XFS_BMBT_REC_ADDR(mp, block, 1);
>               process_bmbt_reclist((xfs_bmbt_rec_32_t *)rp, 
> -                             be16_to_cpu(block->bb_numrecs), extmapp);
> +                             nrecs, extmapp);
> +             return;
> +     }
> +
> +     if (nrecs > mp->m_bmap_dmxr[1]) {
> +             dbprintf(_("invalid numrecs (%u) in %s block\n"),
> +                        nrecs, typtab[btype].name);
>               return;
>       }
>       pp = XFS_BMBT_PTR_ADDR(mp, block, 1, mp->m_bmap_dmxr[0]);
> -     for (i = 0; i < be16_to_cpu(block->bb_numrecs); i++)
> +     for (i = 0; i < nrecs; i++)
>               scan_lbtree(be64_to_cpu(pp[i]), level, scanfunc_bmap, extmapp, 
>                                                                       btype);
>  }

Looks good to me.


Reviewed-by: Christoph Hellwig <hch@xxxxxx>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: xfs i/O error, Emmanuel Florac
Next by Date:  [PATCH 0/3] more memory allocator recursion fixes, Christoph Hellwig
Previous by Thread:  [PATCH] xfs_db: do bounds checking in frag's scanfunc_bmap, Eric Sandeen
Next by Thread:  [PATCH] xfstests: actually hook up 198, make it generic, Eric Sandeen
Indexes:  [Date] [Thread] [Top] [All Lists]