hello, This patch fixes an accessing freed memory bug in merge_inode_recs. Thank you,
Signed-off-by: Yan Zheng <[email protected]> --- diff -urp btrfs-progs-unstable/btrfsck.c btrfs-progs/btrfsck.c --- btrfs-progs-unstable/btrfsck.c 2009-01-23 06:01:44.064370471 +0800 +++ btrfs-progs/btrfsck.c 2009-01-23 11:56:36.000000000 +0800 @@ -84,6 +84,7 @@ struct inode_backref { struct inode_record { struct list_head backrefs; unsigned int checked:1; + unsigned int merging:1; unsigned int found_inode_item:1; unsigned int found_dir_item:1; unsigned int found_file_extent:1; @@ -120,6 +121,7 @@ struct inode_record { #define I_ERR_FILE_NBYTES_WRONG (1 << 10) #define I_ERR_ODD_CSUM_ITEM (1 << 11) #define I_ERR_SOME_CSUM_MISSING (1 << 12) +#define I_ERR_LINK_COUNT_WRONG (1 << 13) struct ptr_node { struct cache_extent cache; @@ -258,7 +260,7 @@ static void maybe_free_inode_rec(struct } } - if (!rec->checked) + if (!rec->checked || rec->merging) return; if (S_ISDIR(rec->imode)) { @@ -425,6 +427,7 @@ static int merge_inode_recs(struct inode struct inode_backref *backref; struct cache_tree *dst_cache = &dst_node->inode_cache; + dst->merging = 1; list_for_each_entry(backref, &src->backrefs, list) { if (backref->found_dir_index) { add_inode_backref(dst_cache, dst->ino, backref->dir, @@ -492,6 +495,7 @@ static int merge_inode_recs(struct inode if (dst_node->current == dst) dst_node->current = NULL; } + dst->merging = 0; maybe_free_inode_rec(dst_cache, dst); return 0; } @@ -1159,6 +1163,8 @@ static int check_inode_recs(struct btrfs error++; if (!rec->found_inode_item) rec->errors |= I_ERR_NO_INODE_ITEM; + if (rec->found_link != rec->nlink) + rec->errors |= I_ERR_LINK_COUNT_WRONG; fprintf(stderr, "root %llu inode %llu errors %x\n", root->root_key.objectid, rec->ino, rec->errors); list_for_each_entry(backref, &rec->backrefs, list) { -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
