Commit 8ba92d43 authored by Darrick J. Wong's avatar Darrick J. Wong
Browse files

xfs: fail out of xfs_attr3_leaf_lookup_int if it looks corrupt 



If the xattr leaf block looks corrupt, return -EFSCORRUPTED to userspace
instead of ASSERTing on debug kernels or running off the end of the
buffer on regular kernels.

Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
parent 9cfb9b47

fs/xfs/libxfs/xfs_attr_leaf.c

+6 −3
Original line number Diff line number Diff line
@@ -2249,7 +2249,8 @@ xfs_attr3_leaf_lookup_int( 
	leaf = bp->b_addr;

	xfs_attr3_leaf_hdr_from_disk(args->geo, &ichdr, leaf);

	entries = xfs_attr3_leaf_entryp(leaf);

	ASSERT(ichdr.count < args->geo->blksize / 8);

	if (ichdr.count >= args->geo->blksize / 8)

		return -EFSCORRUPTED;



	/*

	 * Binary search.  (note: small blocks will skip this loop)
@@ -2265,8 +2266,10 @@ xfs_attr3_leaf_lookup_int( 
		else

			break;

	}

	ASSERT(probe >= 0 && (!ichdr.count || probe < ichdr.count));

	ASSERT(span <= 4 || be32_to_cpu(entry->hashval) == hashval);

	if (!(probe >= 0 && (!ichdr.count || probe < ichdr.count)))

		return -EFSCORRUPTED;

	if (!(span <= 4 || be32_to_cpu(entry->hashval) == hashval))

		return -EFSCORRUPTED;



	/*

	 * Since we may have duplicate hashval's, find the first matching