xfs_attr_shortform_verify() contains the following code:

	int64_t size = ifp->if_bytes;

	/*
	 * Give up if the attribute is way too short.
	 */
	if (size < sizeof(struct xfs_attr_sf_hdr))
		return __this_address;

In general "if (signed < sizeof())" is wrong because of how type promotions work. Such a check won't catch small negative values.

I don't know XFS well enough to know if negative values were excluded somewhere above the callchain, but maybe someone else does.
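The comparison described in the report above, as an added example that is not part of the original post or of the XFS source. `struct sf_hdr` and both function names are hypothetical stand-ins, and the behaviour shown assumes a platform where `size_t` is 64 bits wide.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for struct xfs_attr_sf_hdr; only its nonzero size matters. */
struct sf_hdr {
	uint16_t totsize;
	uint8_t  count;
	uint8_t  padding;
};

/* -Wsign-compare flags the comparison below; silenced so the demo builds cleanly. */
#pragma GCC diagnostic ignored "-Wsign-compare"

/* Same shape as the reported check: a signed value compared against sizeof(). */
static int too_short_as_written(int64_t size)
{
	/*
	 * With a 64-bit size_t, size is converted to unsigned before the
	 * comparison, so -1 becomes UINT64_MAX and is not "less than" the header.
	 */
	if (size < sizeof(struct sf_hdr))
		return 1;
	return 0;
}

/* Rejects negative values explicitly before the unsigned comparison. */
static int too_short_checked(int64_t size)
{
	if (size < 0 || (uint64_t)size < sizeof(struct sf_hdr))
		return 1;
	return 0;
}

int main(void)
{
	/* Constructed sample sizes, including negative ones. */
	const int64_t samples[] = { INT64_MIN, -1, 0, 3, (int64_t)sizeof(struct sf_hdr) };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("size=%lld as_written=%d checked=%d\n",
		       (long long)samples[i],
		       too_short_as_written(samples[i]),
		       too_short_checked(samples[i]));
	return 0;
}
```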