On Fri, Jan 12, 2018 at 02:04:30PM -0800, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
>
> A btree format inode fork with zero records makes no sense, so reject it
> if we see it, or else we can miscalculate memory allocations. Found by
> zeroes fuzzing {a,u3}.bmbt.numrecs in xfs/{374,378,412} with KASAN.
>
> Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
> ---
Reviewed-by: Brian Foster <bfoster@xxxxxxxxxx>
> fs/xfs/libxfs/xfs_inode_fork.c | 1 +
> 1 file changed, 1 insertion(+)
>
>
> diff --git a/fs/xfs/libxfs/xfs_inode_fork.c b/fs/xfs/libxfs/xfs_inode_fork.c
> index 84eaf17..8c01dd5 100644
> --- a/fs/xfs/libxfs/xfs_inode_fork.c
> +++ b/fs/xfs/libxfs/xfs_inode_fork.c
> @@ -307,6 +307,7 @@ xfs_iformat_btree(
> */
> if (unlikely(XFS_IFORK_NEXTENTS(ip, whichfork) <=
> XFS_IFORK_MAXEXT(ip, whichfork) ||
> + nrecs == 0 ||
> XFS_BMDR_SPACE_CALC(nrecs) >
> XFS_DFORK_SIZE(dip, mp, whichfork) ||
> XFS_IFORK_NEXTENTS(ip, whichfork) > ip->i_d.di_nblocks) ||
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
