On 04/30/2018 11:15 AM, Qu Wenruo wrote:
For btrfs_print_tree(), if nr_items is corrupted, it can easily go
beyond extent buffer boundary.
Add extra nr_item check, and only print as many valid slots as possible.
Make sense.
Signed-off-by: Qu Wenruo <w...@suse.com>
---
print-tree.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/print-tree.c b/print-tree.c
index 31a851ef4413..55db80bebb2a 100644
--- a/print-tree.c
+++ b/print-tree.c
@@ -1376,6 +1376,11 @@ void btrfs_print_tree(struct extent_buffer *eb, int
follow)
btrfs_print_leaf(eb);
return;
}
+ /* We are crossing eb boundary, this node must be corrupted */
+ if (nr > BTRFS_NODEPTRS_PER_EXTENT_BUFFER(eb))
+ warning(
+ "node nr_items corrupted, has %u limit %u, continue print
anyway",
+ nr, BTRFS_NODEPTRS_PER_EXTENT_BUFFER(eb));
printf("node %llu level %d items %d free %u generation %llu owner ",
(unsigned long long)eb->start,
btrfs_header_level(eb), nr,
@@ -1386,7 +1391,11 @@ void btrfs_print_tree(struct extent_buffer *eb, int
follow)
print_uuids(eb);
fflush(stdout);
- u64 blocknr = btrfs_node_blockptr(eb, i);
+ u64 blocknr;
+
+ if (i > BTRFS_NODEPTRS_PER_EXTENT_BUFFER(eb))
+ break;
Should it be i >= BTRFS_NODEPTRS_PER_EXTENT_BUFFER(eb)?
Here BTRFS_NODEPTRS_PER_EXTENT_BUFFER() is called during iterations.
The judement can be calculated in advance like:
ptr_num = BTRFS_NODEPTRS_PER_EXTENT_BUFFER(eb);
...
for (i = 0; i < nr && i < ptr_num ; i++) {
Thanks,
Su
+ blocknr = btrfs_node_blockptr(eb, i);
btrfs_node_key(eb, &disk_key, i);
btrfs_disk_key_to_cpu(&key, &disk_key);
printf("\t");
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
