[PATCH V3] xfsdump: prevent segfault in cb_add_inogrp

Rich Johnston rjohnston at sgi.com
Wed Aug 26 17:58:26 CDT 2015


On 08/26/2015 05:56 PM, Dave Chinner wrote:
> On Wed, Aug 26, 2015 at 05:29:55PM -0500, rjohnston at sgi.com wrote:
>>
>> The call to memset will segfault because the offset for the first
>> parameter is done twice. We are using pointer math to do the
>> calculation.
>>
>> The first time is when calculating oldsize, the size of i2gseg_t
>> is accounted for.
>> 	oldsize = (numsegs - SEGPERHNK) * sizeof(i2gseg_t);
>> Then in the call to memset, oldsize is again multiplied by the size
>> of i2gmap_t.
>> 	memset(inomap.i2gmap + oldsize, ...)
>> 	
>> i2gmap holds the used inodes in each chunk. When there are 2^31 chunk
>> entries, it could describe 2^31 (1 inode/chunk) - 2^40 (64 inodes/chunk).
>>
>> With 100s of millions of inodes there are enough entries to wrap the
>> 32 bit variable oldsize.
>>
>> Adding a bounds check (numsegs < 0) and switching to use array
>> index notation instead of calculating the pointer address twice
>> would resolve this issue. The unneeded local variable oldsize
>> can be removed as well.
>
> Can't believe I missed this the first two times through - the patch
> is missing your signed-off-by. Just reply with it, and I'll fix it
> up on commit. :)
D'oh, my bad.

Signed-off-by: Rich Johnston <rjohnston at sgi.com>
>
> Thanks, Rich!
>
> Cheers,
>
> Dave.
>
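The double-scaling bug the commit message describes (a byte count computed with sizeof(i2gseg_t), then handed to pointer arithmetic on an i2gmap_t array, which scales it a second time), the 32-bit wrap of oldsize, and the fixed pattern (bounds check plus array indexing) are illustrated below. This is an added example, not xfsdump's code: the struct layouts, SEGPERHNK value, field names and grow function are assumptions chosen to mirror the description in the thread, not the project's real definitions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-ins for xfsdump's types; sizes are illustrative, not the real ones. */
#define SEGPERHNK 4                                  /* assumed growth step in segments */
typedef struct { uint64_t ino; uint64_t gen; } i2gseg_t;   /* assumed 16-byte segment record */
typedef uint64_t i2gmap_t;                           /* assumed: one bit per inode of a 64-inode chunk */

struct inomap {
    i2gmap_t *i2gmap;
    int       numsegs;   /* number of segments currently allocated */
};

/* Mirrors the buggy computation: oldsize is a byte count of i2gseg_t records
 * stored in a 32-bit int, so it wraps (negative on common compilers) once
 * (numsegs - SEGPERHNK) * 16 exceeds 2^31. */
int buggy_oldsize(int numsegs)
{
    int oldsize = (numsegs - SEGPERHNK) * sizeof(i2gseg_t);   /* narrowing size_t -> int */
    return oldsize;
}

/* Byte offset that `inomap.i2gmap + oldsize` actually addresses: pointer
 * arithmetic multiplies the already-scaled oldsize by sizeof(i2gmap_t) again. */
long buggy_byte_offset(int numsegs)
{
    return (long)buggy_oldsize(numsegs) * (long)sizeof(i2gmap_t);
}

/* Byte offset the memset was meant to hit: the first i2gmap entry past the
 * old segments, scaled exactly once. */
size_t intended_byte_offset(int numsegs)
{
    return (size_t)(numsegs - SEGPERHNK) * sizeof(i2gmap_t);
}

/* Fixed pattern: reject a bad segment count, then zero the new tail using
 * array index notation so the compiler scales the element index only once.
 * numsegs is the new total (the old count is numsegs - SEGPERHNK), as in the
 * thread. Returns 0 on success, -1 on a rejected count or allocation failure.
 * The commit adds a (numsegs < 0) check; rejecting numsegs < SEGPERHNK also
 * covers counts smaller than one growth step. */
int grow_i2gmap_fixed(struct inomap *m, int numsegs)
{
    int oldsegs;
    i2gmap_t *map;

    if (numsegs < SEGPERHNK)
        return -1;
    oldsegs = numsegs - SEGPERHNK;

    map = realloc(m->i2gmap, (size_t)numsegs * sizeof *map);
    if (map == NULL)
        return -1;
    m->i2gmap = map;

    /* &m->i2gmap[oldsegs] is element oldsegs, not byte oldsegs * sizeof. */
    memset(&m->i2gmap[oldsegs], 0, (size_t)SEGPERHNK * sizeof *map);
    m->numsegs = numsegs;
    return 0;
}

int main(void)
{
    struct inomap m = { NULL, 0 };
    int i;

    printf("numsegs=8: buggy oldsize=%d, memset target byte %ld, intended byte %zu\n",
           buggy_oldsize(8), buggy_byte_offset(8), intended_byte_offset(8));
    printf("numsegs=2^28: buggy oldsize wraps to %d\n", buggy_oldsize(1 << 28));

    /* Constructed data: four used chunks, then grow to eight. */
    grow_i2gmap_fixed(&m, SEGPERHNK);
    for (i = 0; i < SEGPERHNK; i++)
        m.i2gmap[i] = UINT64_MAX;
    grow_i2gmap_fixed(&m, 2 * SEGPERHNK);
    for (i = 0; i < m.numsegs; i++)
        printf("i2gmap[%d] = %#llx\n", i, (unsigned long long)m.i2gmap[i]);
    free(m.i2gmap);
    return 0;
}
```

With the assumed 16-byte i2gseg_t and 8-byte i2gmap_t, growing to 8 segments makes the buggy memset start 512 bytes into a 64-byte array; at 2^28 segments oldsize wraps to -64 and the pointer lands before the allocation. The fixed version indexes by element count, so the offset is scaled once regardless of either type's size.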