* [PATCH] fix (latent?) memory corruption in btrfs_encode_fh()
@ 2010-10-07 9:28 Jan Beulich
From: Jan Beulich @ 2010-10-07 9:28 UTC (permalink / raw)
To: Chris Mason; +Cc: linux-btrfs
The earlier checks only cover the two smaller cases, and hence if the
caller-specified size is less than what's needed to fit
parent_root_objectid, unrelated memory may get overwritten.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
---
fs/btrfs/export.c | 2 ++
1 file changed, 2 insertions(+)
--- linux-2.6.36-rc7/fs/btrfs/export.c
+++ 2.6.36-rc7-btrfs-encode-fh/fs/btrfs/export.c
@@ -46,6 +46,8 @@ static int btrfs_encode_fh(struct dentry
spin_unlock(&dentry->d_lock);
if (parent_root_id != fid->root_objectid) {
+ if (*max_len < BTRFS_FID_SIZE_CONNECTABLE_ROOT)
+ return 255;
fid->parent_root_objectid = parent_root_id;
len = BTRFS_FID_SIZE_CONNECTABLE_ROOT;
type = FILEID_BTRFS_WITH_PARENT_ROOT;
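Review bot: the new early return inside the parent_root_id != fid->root_objectid branch uses the bare value 255 and leaves *max_len untouched, so the caller gets no indication that BTRFS_FID_SIZE_CONNECTABLE_ROOT was the length it needed. Consider a short comment or a named constant for the 255, and, if the export interface permits it, storing the required length in *max_len before returning. The placement is sound: the check runs after spin_unlock(&dentry->d_lock), so the early return holds no lock, and it precedes the store to fid->parent_root_objectid. The commit message could also say whether any current caller can pass a size this small, since the subject only says "(latent?)".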