On 2019/2/20 上午11:08, YueHaibing wrote: > btrfs_item_size_nr return value is u32, convert it to int may result > in truncation.Also read_extent_buffer expect a unsigned param, so > min_t should use type u32 to compare. Btrfs has a up limit on item size, it will never exceed 64K - various overhead. Furthermore, btrfs has metadata read time check to exclude such obviously corrupted tree blocks, thus corrupted tree block will never reach here. Thanks, Qu > > Fixes: 8ea05e3a4262 ("Btrfs: introduce subvol uuids and times") > Signed-off-by: YueHaibing <yuehaibing@xxxxxxxxxx> > --- > fs/btrfs/root-tree.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c > index 02d1a57af78b..893d12fbfda0 100644 > --- a/fs/btrfs/root-tree.c > +++ b/fs/btrfs/root-tree.c > @@ -21,12 +21,12 @@ static void btrfs_read_root_item(struct extent_buffer *eb, int slot, > struct btrfs_root_item *item) > { > uuid_le uuid; > - int len; > + u32 len; > int need_reset = 0; > > len = btrfs_item_size_nr(eb, slot); > read_extent_buffer(eb, item, btrfs_item_ptr_offset(eb, slot), > - min_t(int, len, (int)sizeof(*item))); > + min_t(u32, len, sizeof(*item))); > if (len < sizeof(*item)) > need_reset = 1; > if (!need_reset && btrfs_root_generation(item) > > >
Attachment:
signature.asc
Description: OpenPGP digital signature