On Tue, Jun 05, 2018 at 12:42:07PM +0200, Carlos Maiolino wrote:
> > + if (irec->rc_blockcount == 0 || irec->rc_blockcount > MAXREFCEXTLEN) > > + goto out_bad_rec; > > + > > + /* handle special COW-staging state */ > > + realstart = irec->rc_startblock; > > + if (realstart & XFS_REFC_COW_START) { > > + if (irec->rc_refcount != 1) > > + goto out_bad_rec; > > + realstart &= ~XFS_REFC_COW_START; > > } > > - return error; > > + > > + /* check for valid extent range, including overflow */ > > + if (!xfs_verify_agbno(mp, agno, realstart)) > > + goto out_bad_rec; > > + if (realstart > realstart + irec->rc_blockcount)
>
> I am not sure if I'm right, but I thought this ought to be ">="?

We've already caught zero length and block count greater than 2^32-1, so if the above is true we've wrapped through zero during the addition. But we can never add 0 or 2^32 to realstart here, so the "==" condition will not occur and we don't need to check for it....

Cheers,

Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx
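
Review bot: the overflow test in the last quoted line, realstart > realstart + irec->rc_blockcount, only detects a wrap if the addition is evaluated in the same unsigned width as realstart. The declaration of realstart is not in the quoted lines, so it is worth confirming that nothing widens the sum before the comparison. The comment above it says "including overflow" without saying why ">" is sufficient; extending it to note that rc_blockcount has already been rejected when zero or larger than MAXREFCEXTLEN would answer the ">=" question for the next reader of the code.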
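
The argument in the reply above can be checked mechanically. The following is an added example, not code from the patch or from the kernel: range_ok() and count_disagreements() are hypothetical names, the 32-bit types are an assumption (the declarations are not in the quoted lines), and the second function goes beyond the thread by exhaustively testing an 8-bit model of the same comparison.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical helper: the quoted length and overflow checks with explicit
 * 32-bit unsigned types (assumed). The upper bound of 2^32-1 named in the
 * reply is then implied by the type of len.
 */
static bool range_ok(uint32_t start, uint32_t len)
{
	if (len == 0)
		return false;
	/* Unsigned addition wraps modulo 2^32; a wrapped sum is below start. */
	if (start > (uint32_t)(start + len))
		return false;
	return true;
}

/*
 * Exhaustive 8-bit model of the same argument: for every start and every
 * len in 1..255, count cases where ">" and ">=" give different answers or
 * where ">" disagrees with the true overflow computed in wider arithmetic.
 */
static unsigned count_disagreements(void)
{
	unsigned bad = 0;

	for (unsigned s = 0; s < 256; s++) {
		for (unsigned l = 1; l < 256; l++) {
			uint8_t start = (uint8_t)s;
			uint8_t end = (uint8_t)(s + l);   /* wraps modulo 256 */
			bool wrapped = (s + l) > 255;     /* ground truth */
			bool gt = start > end;
			bool ge = start >= end;

			if (gt != ge || gt != wrapped)
				bad++;
		}
	}
	return bad;
}

int main(void)
{
	/* Constructed sample values at the 32-bit boundary. */
	printf("8-bit disagreements: %u\n", count_disagreements());
	printf("0xfffffff0 + 0x10 ok: %d\n", range_ok(0xfffffff0u, 0x10u));
	printf("0xfffffff0 + 0x0f ok: %d\n", range_ok(0xfffffff0u, 0x0fu));
	return 0;
}
```

With a zero length excluded, the wrapped sum can never equal the start, so the two comparisons are interchangeable in this model.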