On 08/15/2013 01:53 PM, Dan Carpenter wrote: > The "di_size" variable comes from the disk and it's a signed 64 bit. > We check the upper limit but we should check for negative numbers as > well. > > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > > diff --git a/fs/xfs/xfs_inode_fork.c b/fs/xfs/xfs_inode_fork.c > index 123971b..849fc70 100644 > --- a/fs/xfs/xfs_inode_fork.c > +++ b/fs/xfs/xfs_inode_fork.c > @@ -167,7 +167,8 @@ xfs_iformat_fork( > } > > di_size = be64_to_cpu(dip->di_size); > - if (unlikely(di_size > XFS_DFORK_DSIZE(dip, ip->i_mount))) { > + if (unlikely(di_size < 0 || But the di_size is initialized to ZERO while allocating a new inode on disk. I wonder if that is better to ASSERT in this case because the current check is used to make sure that the item is inlined, or we don't need it at all. > + di_size > XFS_DFORK_DSIZE(dip, ip->i_mount))) { > xfs_warn(ip->i_mount, > "corrupt inode %Lu (bad size %Ld for local inode).", > (unsigned long long) ip->i_ino, > Thanks, -Jeff -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html