btrfs-progs: check for item end outside of leaf

Enhance leaf check to verify item ends that looks otherwise fine but would exceed leaf. Same check is done in kernel. Reported-by: Robert Marklund <robbelibobban@gmail.com> Signed-off-by: David Sterba <dsterba@suse.com>
2015-07-01 15:20:23 +02:00 · 2015-07-01 15:20:23 +02:00 · eb26712958
parent 1b1fd2c190
commit eb26712958
1 changed files with 14 additions and 0 deletions
--- a/ctree.c
+++ b/ctree.c
@ -521,6 +521,20 @@ btrfs_check_leaf(struct btrfs_root *root, struct btrfs_disk_key *parent_key,
 			goto fail;
 		}
 	}
+
+	for (i = 0; i < nritems; i++) {
+		if (btrfs_item_end_nr(buf, i) > BTRFS_LEAF_DATA_SIZE(root)) {
+			btrfs_item_key(buf, &key, 0);
+			btrfs_print_key(&key);
+			fflush(stdout);
+			ret = BTRFS_TREE_BLOCK_INVALID_OFFSETS;
+			fprintf(stderr, "slot end outside of leaf %llu > %llu\n",
+				(unsigned long long)btrfs_item_end_nr(buf, i),
+				(unsigned long long)BTRFS_LEAF_DATA_SIZE(root));
+			goto fail;
+		}
+	}
+
 	return BTRFS_TREE_BLOCK_CLEAN;
 fail:
 	if (btrfs_header_owner(buf) == BTRFS_EXTENT_TREE_OBJECTID) {