On Thu, May 25, 2017 at 10:09:07AM +0800, Su Yue wrote:
> @@ -472,6 +474,15 @@ int verify_dir_item(struct btrfs_fs_info *fs_info,
> return 1;
> }
>
> + namelen = btrfs_dir_name_len(leaf, dir_item);
> + namelen_ret = btrfs_check_namelen(leaf, slot,
> +
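Review bot: btrfs_dir_name_len(leaf, dir_item) in the first added line reads the name length from the leaf before anything visible in this hunk has confirmed that the struct btrfs_dir_item header itself lies inside the item at 'slot'. If btrfs_check_namelen only bounds the name that follows the header, a truncated item would still let that header read cross the item end, so consider checking that the header fits in the item before this line, or make sure btrfs_check_namelen covers it. The call is cut off in the quoted text, so its remaining arguments and the handling of namelen_ret cannot be reviewed from here.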
The original 'verify_dir_item' verifies the namelen of dir_item against fixed
values but not the item boundary.
If a corrupted namelen is not bigger than the fixed value, for example 255,
the function will think the dir_item is fine, and then reading beyond
the boundary will cause a crash.
Add a parameter 'slot' and check n