While searching a tree we didn't properly check number of items we really stored in user's buffer thus possibly exceeding number of items requested by user. This was mostly harmless since actual buffer overflow is checked correctly in a different place. Anyway, let's fix the check.
Signed-off-by: Jan Kara <j...@suse.cz> --- fs/btrfs/ioctl.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 9254b3d..94e7ab5 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -977,7 +977,7 @@ static noinline int copy_to_sk(struct btrfs_root *root, } found++; - if (*num_found >= sk->nr_items) + if (*num_found + found >= sk->nr_items) break; } advance_key: -- 1.6.4.2 -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html