Re: [PATCH] check: check so offset is not bigger then the leaf

2015-07-01 Thread David Sterba
On Mon, Jun 29, 2015 at 02:16:28PM +0300, Trollkarlen Marklund wrote:
> > Do you have a crafted filesystem image that can reproduce that or was
> > that found by code inspection?
>
> I have a failed filesystem caused by a failing disk that I tried to
> fix/recover.
> Then I stumbled on this, and

Re: [PATCH] check: check so offset is not bigger then the leaf

2015-06-29 Thread Trollkarlen Marklund
> On 18 Jun 2015, at 19:44, David Sterba wrote:
>
> On Thu, Jun 18, 2015 at 01:59:13AM +0200, Robert Marklund wrote:
>> This could crash before because of dangerous dangling
>> offset of pointer.
>
> That's right, this can happen. There are more btrfs_item_ptr that would
> be good to validate t

Re: [PATCH] check: check so offset is not bigger then the leaf

2015-06-25 Thread David Sterba
On Thu, Jun 25, 2015 at 09:24:10AM -0700, Josef Bacik wrote: > > + > > + for (i = 0; i < nritems; i++) { > > + void *tmp; > > + > > + tmp = btrfs_item_ptr(buf, i, void); > > + if ((long)tmp >= BTRFS_LEAF_DATA_SIZE(root)) { > > +
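Review bot: the comparison of tmp against BTRFS_LEAF_DATA_SIZE(root) inside the nritems loop tests only where each item starts, so an item that begins below the limit but whose length runs past the end of the leaf would still pass; bound the item's end (start plus item size) as well. The (long) cast on the pointer also makes the result depend on sign conversion, so an unsigned type such as unsigned long would be the safer choice there.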

Re: [PATCH] check: check so offset is not bigger then the leaf

2015-06-25 Thread Josef Bacik
On 06/25/2015 09:06 AM, David Sterba wrote: On Thu, Jun 18, 2015 at 10:16:54AM -0700, Josef Bacik wrote: On 06/18/2015 09:44 AM, David Sterba wrote: On Thu, Jun 18, 2015 at 01:59:13AM +0200, Robert Marklund wrote: This could crash before because of dangerous dangling offset of pointer. That'

Re: [PATCH] check: check so offset is not bigger then the leaf

2015-06-25 Thread David Sterba
On Thu, Jun 18, 2015 at 10:16:54AM -0700, Josef Bacik wrote:
> On 06/18/2015 09:44 AM, David Sterba wrote:
> > On Thu, Jun 18, 2015 at 01:59:13AM +0200, Robert Marklund wrote:
> >> This could crash before because of dangerous dangling
> >> offset of pointer.
> >
> > That's right, this can happen. T

Re: [PATCH] check: check so offset is not bigger then the leaf

2015-06-18 Thread Josef Bacik
On 06/18/2015 09:44 AM, David Sterba wrote: On Thu, Jun 18, 2015 at 01:59:13AM +0200, Robert Marklund wrote: This could crash before because of dangerous dangling offset of pointer. That's right, this can happen. There are more btrfs_item_ptr that would be good to validate that way, namely in

Re: [PATCH] check: check so offset is not bigger then the leaf

2015-06-18 Thread David Sterba
On Thu, Jun 18, 2015 at 01:59:13AM +0200, Robert Marklund wrote:
> This could crash before because of dangerous dangling
> offset of pointer.

That's right, this can happen. There are more btrfs_item_ptr that would be good to validate that way, namely in the checker as it's most likely to see corru

[PATCH] check: check so offset is not bigger then the leaf

2015-06-17 Thread Robert Marklund
This could crash before because of dangerous dangling offset of pointer. Signed-off-by: Robert Marklund --- cmds-check.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/cmds-check.c b/cmds-check.c index 778f141..da36758 100644 --- a/cmds-check.c +++ b/cmds-check.c @@ -8906,6 +890