Skip to content

Commit 6437c70

Browse files
fdmananakdave
authored andcommitted
btrfs: fix iteration of extrefs during log replay
At __inode_add_ref() when processing extrefs, if we jump into the next label he have an undefined value of victim_name.len, since we haven't initialized it before we did the goto. This results in an invalid memory access in the next iteration of the loop since victim_name.len was not initialized to the length of the name of the current extref. Fix this by initializing victim_name.len with the current extref's name length. Fixes: e43eec8 ("btrfs: use struct qstr instead of name and namelen pairs") Signed-off-by: Filipe Manana <fdmanana@suse.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com> Signed-off-by: David Sterba <dsterba@suse.com>
1 parent ae82071 commit 6437c70

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

fs/btrfs/tree-log.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1146,13 +1146,13 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans,
11461146
struct fscrypt_str victim_name;
11471147

11481148
extref = (struct btrfs_inode_extref *)(base + cur_offset);
1149+
victim_name.len = btrfs_inode_extref_name_len(leaf, extref);
11491150

11501151
if (btrfs_inode_extref_parent(leaf, extref) != parent_objectid)
11511152
goto next;
11521153

11531154
ret = read_alloc_one_name(leaf, &extref->name,
1154-
btrfs_inode_extref_name_len(leaf, extref),
1155-
&victim_name);
1155+
victim_name.len, &victim_name);
11561156
if (ret)
11571157
return ret;
11581158

0 commit comments

Comments
 (0)