On 2019/2/20 上午11:08, YueHaibing wrote: > btrfs_item_size_nr return value is u32, convert it to int may result > in truncation.Also read_extent_buffer expect a unsigned param, so > min_t should use type u32 to compare.
Btrfs has a up limit on item size, it will never exceed 64K - various
overhead.
Furthermore, btrfs has metadata read time check to exclude such
obviously corrupted tree blocks, thus corrupted tree block will never
reach here.
Thanks,
Qu
>
> Fixes: 8ea05e3a4262 ("Btrfs: introduce subvol uuids and times")
> Signed-off-by: YueHaibing <yuehaib...@huawei.com>
> ---
> fs/btrfs/root-tree.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c
> index 02d1a57af78b..893d12fbfda0 100644
> --- a/fs/btrfs/root-tree.c
> +++ b/fs/btrfs/root-tree.c
> @@ -21,12 +21,12 @@ static void btrfs_read_root_item(struct extent_buffer
> *eb, int slot,
> struct btrfs_root_item *item)
> {
> uuid_le uuid;
> - int len;
> + u32 len;
> int need_reset = 0;
>
> len = btrfs_item_size_nr(eb, slot);
> read_extent_buffer(eb, item, btrfs_item_ptr_offset(eb, slot),
> - min_t(int, len, (int)sizeof(*item)));
> + min_t(u32, len, sizeof(*item)));
> if (len < sizeof(*item))
> need_reset = 1;
> if (!need_reset && btrfs_root_generation(item)
>
>
>
signature.asc
Description: OpenPGP digital signature
