On Tue, May 02, 2017 at 03:36:09PM +0800, Lu Fengqi wrote:
> Fuzzed image bko-161821.raw causes btrfs check to get a segmentation fault.
>
> The function check_owner_ref attempts to access a non-existent quota tree
> when dealing with extent_item [4198400 4096] in the corrupted filesystem.
>
> The function btrfs_new_fs_info always allocates memory for
> fs_info->quota_root regardless of whether quota_tree exists or not.
> Additionally, the function btrfs_read_fs_root will directly return
> fs_info->quota_root if location->objectid == BTRFS_QUOTA_TREE_OBJECTID.
>
> This patch does the following things:
> 1. Do extra check and return ENOENT if quota tree does not exist in the
>    function btrfs_read_fs_root.
> 2. Free useless fs_info->quota_root in the function btrfs_setup_all_roots
>    to reduce confusion.
> 3. free_extent_buffer even if check_child_node failed in the function
>    walk_down_tree.
>
> Signed-off-by: Lu Fengqi <lufq.f...@cn.fujitsu.com>

Applied, thanks.