On 11/19/14 4:12 PM, Eric Sandeen wrote:
> Here blkno is a daddr_t, which is a __s64; it's possible to hold
> a value which is negative, and thus pass the (blkno >= eofs)
> test. Then we try to do a xfs_perag_get() for a ridiculous
> agno via xfs_daddr_to_agno(), and bad things happen when that
> fails, and returns a null pag which is dereferenced shortly
> thereafter.
>
> Found via a user-supplied fuzzed image...

NAK - this needs a bit more love; if we catch this and fail, the caller
may still do something crazy with this data.

V2 coming in a bit.

-Eric
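As an added illustration of the failure the quoted text describes (an editor's mock-up, not code from this thread or from the XFS tree): the type names mirror the kernel's, but the mount struct, the sample geometry and the lookup stand-in are constructed assumptions, and the shift/divide in daddr_to_agno only follows the shape of xfs_daddr_to_agno().

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed stand-ins for the XFS types named in the thread (an
 * assumption, not the kernel's headers): a daddr is a signed 64-bit sector
 * number, an allocation group (AG) number is unsigned 32-bit. */
typedef int64_t  xfs_daddr_t;
typedef uint32_t xfs_agnumber_t;

struct mount {
    xfs_daddr_t    eofs;      /* sectors in the fs, i.e. first invalid daddr */
    uint32_t       agblocks;  /* fs blocks per AG */
    xfs_agnumber_t agcount;   /* number of AGs */
    int            blkbb_log; /* log2(sectors per fs block) */
};

/* Same shape as xfs_daddr_to_agno(): sectors -> fs blocks -> AG index.
 * A negative daddr stays negative through the shift and the division, and
 * the final cast to the unsigned AG type turns it into a huge agno.
 * (Assumes the arithmetic right shift that gcc and clang perform.) */
static xfs_agnumber_t daddr_to_agno(const struct mount *mp, xfs_daddr_t d)
{
    return (xfs_agnumber_t)((d >> mp->blkbb_log) / mp->agblocks);
}

/* The check the thread's patch is about: an upper bound only. */
static bool daddr_in_range_v1(const struct mount *mp, xfs_daddr_t blkno)
{
    return blkno < mp->eofs;
}

/* Hardened form: reject negative daddrs before any conversion happens. */
static bool daddr_in_range_v2(const struct mount *mp, xfs_daddr_t blkno)
{
    return blkno >= 0 && blkno < mp->eofs;
}

/* 0 = valid AG; -1 = rejected by the range check; -2 = the check passed but
 * the AG does not exist, i.e. the NULL pag that the kernel dereferenced. */
static int lookup_ag(const struct mount *mp, xfs_daddr_t blkno, bool hardened)
{
    bool ok = hardened ? daddr_in_range_v2(mp, blkno)
                       : daddr_in_range_v1(mp, blkno);
    if (!ok)
        return -1;
    return daddr_to_agno(mp, blkno) < mp->agcount ? 0 : -2;
}
/* Constructed geometry: 4 KiB blocks (8 sectors), four 1 GiB AGs. */
static const struct mount sample_mp = { 4 * 262144 * 8, 262144, 4, 3 };
```

Note that daddr_to_agno(&sample_mp, -1) lands on agno 0, so relying on the perag lookup returning NULL would not catch every negative daddr; only the explicit sign check does.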