]> git-server-git.apps.pok.os.sepia.ceph.com Git - xfsprogs-dev.git/commit
projects / xfsprogs-dev.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d7c096d) | patch
metadump: catch used extent array overflow
authorCarlos Maiolino <cem@kernel.org>
Thu, 13 Nov 2025 13:57:11 +0000 (14:57 +0100)
committerAndrey Albershteyn <aalbersh@kernel.org>
Mon, 24 Nov 2025 14:35:05 +0000 (15:35 +0100)
commit2a30566311e6e43f5e313c00493740fbb4098fc3
tree1bc9a4fd65d3eef37799d2c9b600e0f503bbb223tree | snapshot
parentd7c096df3e8ca56ea02630f64fc24bb008826238commit | diff
metadump: catch used extent array overflow

An user reported a SIGSEGV when attempting to create a metadump image of
a filesystem.
The reason is because we fail to catch a possible overflow in the
used extents array in process_exinode() which may happen if the extent
count is corrupted.
This leads process_bmbt_reclist() to attempt to index into the array
using the bogus extent count with:

convert_extent(&rp[numrecs - 1], &o, &s, &c, &f);

Fix this by extending the used counter to uint64_t and
checking for the overflow possibility.

Reported-by: hubert . <hubjin657@outlook.com>
Suggested-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
db/metadump.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.