[PATCH] SGI-PV: Read buffer overflow
Alex Elder
aelder at sgi.com
Mon Aug 3 14:11:48 CDT 2009
> Check whether index is within bounds before grabbing the element.
>
> Signed-off-by: Roel Kluin <roel.kluin at gmail.com>
> ---
> diff --git a/fs/xfs/xfs_da_btree.c b/fs/xfs/xfs_da_btree.c
> index 9ff6e57..ef1d275 100644
> --- a/fs/xfs/xfs_da_btree.c
> +++ b/fs/xfs/xfs_da_btree.c
> @@ -1414,8 +1414,9 @@ xfs_da_path_shift(xfs_da_state_t
> *state, xfs_da_state_path_t *path,
> ASSERT(args != NULL);
> ASSERT(path != NULL);
> ASSERT((path->active > 0) && (path->active < XFS_DA_NODE_MAXDEPTH));
> - level = (path->active-1) - 1; /* skip bottom layer in path */
> - for (blk = &path->blk[level]; level >= 0; blk--, level--) {
> + /* skip bottom layer in path */
> + for (level = (path->active-1) - 1; level >= 0; blk--, level--) {
No need to decrement "blk" above. You are reassigning it anyway
in the next statement.
> + blk = &path->blk[level];
> ASSERT(blk->bp != NULL);
> node = blk->bp->data;
> ASSERT(be16_to_cpu(node->hdr.info.magic) == XFS_DA_NODE_MAGIC);
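Review bot: The rewritten `for` header still carries `blk--` in its increment clause. It is dead now that `blk = &path->blk[level];` is assigned at the top of every iteration, and after the `level == 0` pass it still steps the pointer to one element before `path->blk[0]`, which is the kind of out-of-range address this change is meant to stop forming. Suggest `for (level = (path->active-1) - 1; level >= 0; level--) {`. The changelog should also state that for a negative `level` the old loop only computed the address and never read through it, because the `level >= 0` test fails before the body runs; "Read buffer overflow" in the subject overstates what the removed lines did.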
Note that if level were < 0 upon entry to the loop in its previous
form, then the computed value of blk would never have been used.
-Alex