RepoMirrors
/
btrfs-progs
mirror of https://github.com/kdave/btrfs-progs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

btrfs-progs: image: catch zero length extents, avoid endless loop 

If an extent is found to have length 0, we'd loop endlessly in
copy_from_extent_tree. Reproduced by fuzzed image
bko-166361-blocksize-zero.raw within test 002-simple-image .

Signed-off-by: David Sterba <dsterba@suse.com>
This commit is contained in:
David Sterba 2016-10-03 14:52:30 +02:00
parent 35d0588b64
commit 3956c16d0b
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
btrfs-image.c
View File

@ -1264,10 +1264,18 @@ static int copy_from_extent_tree(struct metadump_struct *metadump,
}
bytenr = key.objectid;
if (key.type == BTRFS_METADATA_ITEM_KEY)
if (key.type == BTRFS_METADATA_ITEM_KEY) {
num_bytes = extent_root->nodesize;
else
} else {
num_bytes = key.offset;
}
if (num_bytes == 0) {
error("extent length 0 at bytenr %llu key type %d",
(unsigned long long)bytenr, key.type);
ret = -EIO;
break;
}
if (btrfs_item_size_nr(leaf, path->slots[0]) > sizeof(*ei)) {
ei = btrfs_item_ptr(leaf, path->slots[0],