xfs: btree format ifork loader should check for zero numrecs
A btree format inode fork with zero records makes no sense, so reject it if we see it, or else we can miscalculate memory allocations. Found by zeroes fuzzing {a,u3}.bmbt.numrecs in xfs/{374,378,412} with KASAN. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Brian Foster <bfoster@redhat.com>
This commit is contained in:
parent
79a69bf8dc
commit
55e45429ce
|
@ -298,6 +298,7 @@ xfs_iformat_btree(
|
||||||
*/
|
*/
|
||||||
if (unlikely(XFS_IFORK_NEXTENTS(ip, whichfork) <=
|
if (unlikely(XFS_IFORK_NEXTENTS(ip, whichfork) <=
|
||||||
XFS_IFORK_MAXEXT(ip, whichfork) ||
|
XFS_IFORK_MAXEXT(ip, whichfork) ||
|
||||||
|
nrecs == 0 ||
|
||||||
XFS_BMDR_SPACE_CALC(nrecs) >
|
XFS_BMDR_SPACE_CALC(nrecs) >
|
||||||
XFS_DFORK_SIZE(dip, mp, whichfork) ||
|
XFS_DFORK_SIZE(dip, mp, whichfork) ||
|
||||||
XFS_IFORK_NEXTENTS(ip, whichfork) > ip->i_d.di_nblocks) ||
|
XFS_IFORK_NEXTENTS(ip, whichfork) > ip->i_d.di_nblocks) ||
|
||||||
|
|
Loading…
Reference in New Issue