Exposed by a fuzzed image from Lukas, which contains an invalid drop level
(16), causing a segfault when accessing path->nodes[drop_level].

This patch will check the drop level against the fs tree level and
BTRFS_MAX_LEVEL to avoid such a problem.

Reported-by: Lukas Lueg <[email protected]>
Signed-off-by: Qu Wenruo <[email protected]>
---
 cmds-check.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cmds-check.c b/cmds-check.c
index 1e1f7c9..2aa0a7b 100644
--- a/cmds-check.c
+++ b/cmds-check.c
@@ -3742,6 +3742,11 @@ static int check_fs_root(struct btrfs_root *root,
                btrfs_disk_key_to_cpu(&key, &root_item->drop_progress);
                level = root_item->drop_level;
                path.lowest_level = level;
+               if (level > btrfs_header_level(root->node) ||
+                   level >= BTRFS_MAX_LEVEL) {
+                       error("ignoring invalid drop level: %u", level);
+                       goto skip_walking;
+               }
                wret = btrfs_search_slot(NULL, root, &key, &path, 0, 0);
                if (wret < 0)
                        goto skip_walking;
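Review bot: In check_fs_root the new range check sits after `path.lowest_level = level;`, so an out-of-range drop level is still stored in path before the jump to skip_walking. Consider validating level directly after `level = root_item->drop_level;` and assigning path.lowest_level only once the value has passed. The error branch also leaves through `goto skip_walking` without setting any status in the visible lines, the same way the existing `wret < 0` branch does, so it is worth confirming that the code at skip_walking makes check report this root as damaged after the error message is printed.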
-- 
2.9.3


