From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bob Peterson <rpeterso@redhat.com>
Date: Mon, 14 Sep 2015 13:19:02 -0400 (EDT)
Subject: [Cluster-devel] [libgfs2 PATCH] libgfs2: Check block range when
 inserting into rgrp tree
In-Reply-To: <661769988.28256076.1442251076435.JavaMail.zimbra@redhat.com>
Message-ID: <1300624095.28256563.1442251142819.JavaMail.zimbra@redhat.com>
List-Id: <cluster-devel.redhat.com>
To: cluster-devel.redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi,

This patch adds checks to function rindex_read to make sure the
rgrp starting address isn't grossly outside the file system.
It may be in the case of severely corrupt file systems from fsck.
If we added them to the rgrp tree, our calculations will get
screwed up, eventually causing a segfault.

Regards,

Bob Peterson
Red Hat File Systems

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
---
diff --git a/gfs2/libgfs2/super.c b/gfs2/libgfs2/super.c
index b956366..73354ff 100644
--- a/gfs2/libgfs2/super.c
+++ b/gfs2/libgfs2/super.c
@@ -166,6 +166,12 @@ int rindex_read(struct gfs2_sbd *sdp, int fd, int *count1, int *sane)
 			return -1;
 
 		gfs2_rindex_in(&ri, (char *)&buf.bufgfs2);
+		if (gfs2_check_range(sdp, ri.ri_addr) != 0) {
+			*sane = 0;
+			if (prev_rgd == NULL)
+				return -1;
+			ri.ri_addr = prev_rgd->ri.ri_addr + prev_rgd->length;
+		}
 		rgd = rgrp_insert(&sdp->rgtree, ri.ri_addr);
 		memcpy(&rgd->ri, &ri, sizeof(struct gfs2_rindex));