On Tue, Feb 11, 2020 at 06:07:21PM -0700, Andreas Dilger wrote:
> In alloc_size_dir() it multiplies signed ints when allocating the
> buffer for rehashing an htree-indexed directory. This will overflow
> when the directory size is above 4GB, which is possible with largedir
> directories having about 100M entries, assuming an average 3/4 leaf
> fullness and 24-byte filenames, or fewer with longer filenames.
> The same problem exists in get_next_block().
>
> Similarly, the out_dir struct used a signed int for the number of
> blocks in the directory, which may result in a negative size if the
> directory is over 2GB (about 50M entries or fewer).
>
> Use appropriate unsigned variables for block counts, and use larger
> types for calculating the byte count for memory offsets/sizes.
>
> Such large directories have not been seen yet, but are not too far away.
> The ext2fs_get_array() function will properly calculate the needed
> memory allocation, and detect overflow on 32-bit systems.
> Add ext2fs_resize_array() to do the same for array resize.
>
> Signed-off-by: Andreas Dilger <adilger@xxxxxxxxxxxxx>
> Lustre-bug-id: https://jira.whamcloud.com/browse/LU-13197

Applied, thanks. I had to make a slight change to fix a "merge conflict" with the patch.

- Ted
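Added example, not part of the original message and not e2fsprogs code: a sketch of the arithmetic the commit message describes, showing a block count times block size kept in a 32-bit signed int next to an overflow-checked array-size calculation. The function names, the 4 KiB block size and the block counts are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the old calculation: the product of two
 * 32-bit signed values, kept in 32 bits. The multiply is done unsigned
 * so the wraparound is well defined, then reinterpreted as signed
 * (modular conversion, as gcc and clang implement it). */
static int32_t bytes_as_int32(int32_t blocks, int32_t blocksize)
{
    uint32_t wrapped = (uint32_t)blocks * (uint32_t)blocksize;
    return (int32_t)wrapped;
}

/* Hypothetical checked helper: stores count * size in *out and returns 0,
 * or returns -1 when the product would exceed `limit`. Passing UINT32_MAX
 * as the limit models size_t on a 32-bit system. */
static int checked_array_bytes(uint64_t count, uint64_t size,
                               uint64_t limit, uint64_t *out)
{
    if (size != 0 && count > limit / size)
        return -1;
    *out = count * size;
    return 0;
}

int main(void)
{
    /* Constructed sample values: 4 KiB blocks, directories of 2 GiB
     * and just over 4 GiB. */
    const int32_t blocksize = 4096;
    const int32_t blocks[] = { 524288, 1048577 };
    uint64_t bytes;

    for (int i = 0; i < 2; i++) {
        printf("%d blocks: int32 product = %d\n", blocks[i],
               bytes_as_int32(blocks[i], blocksize));
        if (checked_array_bytes(blocks[i], blocksize, UINT32_MAX, &bytes))
            printf("  32-bit size_t: overflow detected\n");
        else
            printf("  32-bit size_t: %llu bytes\n", (unsigned long long)bytes);
        if (checked_array_bytes(blocks[i], blocksize, UINT64_MAX, &bytes) == 0)
            printf("  64-bit size_t: %llu bytes\n", (unsigned long long)bytes);
    }
    return 0;
}
```

The 2 GiB case yields a negative 32-bit size, and the case just over 4 GiB wraps to a small positive value that would pass a sign check, which is why the checked form compares against the limit before multiplying.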