Hello,
Execution should goto label 'insert' when 'btrfs_next_leaf' return a
non-zero value, otherwise the parameter 'slot' for
'btrfs_item_key_to_cpu' may be out of bounds. The original codes jump
to label 'insert' only when 'btrfs_next_leaf' return a negative
value.
Regards
YZ
---
diff -r a1bde8e797ff file-item.c
--- a/file-item.c Thu Oct 25 15:49:25 2007 -0400
+++ b/file-item.c Sun Oct 28 23:05:52 2007 +0800
@@ -178,13 +178,11 @@ int btrfs_csum_file_block(struct btrfs_t
nritems = btrfs_header_nritems(path->nodes[0]);
if (path->slots[0] >= nritems - 1) {
ret = btrfs_next_leaf(root, path);
- if (ret == 1) {
+ if (ret == 1)
found_next = 1;
- } else if (ret == 0) {
- slot = 0;
- } else {
+ if (ret != 0)
goto insert;
- }
+ slot = 0;
}
btrfs_item_key_to_cpu(path->nodes[0], &found_key, slot);
if (found_key.objectid != objectid ||
@@ -238,7 +236,7 @@ insert:
csum_offset = 0;
if (found_next) {
u64 tmp = min((u64)i_size_read(inode), next_offset);
- tmp -= offset + root->sectorsize - 1;
+ tmp -= offset - root->sectorsize + 1;
tmp >>= root->fs_info->sb->s_blocksize_bits;
tmp = max((u64)1, tmp);
tmp = min(tmp, (u64)MAX_CSUM_ITEMS(root));
_______________________________________________
Btrfs-devel mailing list
[email protected]
http://oss.oracle.com/mailman/listinfo/btrfs-devel
