From 7328acd0520c2e1267ae772b93b0483d1bcf009b Mon Sep 17 00:00:00 2001
From: Samuel Just
Date: Tue, 1 Sep 2020 16:08:01 -0700
Subject: [PATCH] crimson/os/journal: check offset against segment length in replay
Signed-off-by: Samuel Just
---
 src/crimson/os/seastore/journal.cc | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/crimson/os/seastore/journal.cc b/src/crimson/os/seastore/journal.cc
index d044c0abf60e0..8f98b0ab846ab 100644
--- a/src/crimson/os/seastore/journal.cc
+++ b/src/crimson/os/seastore/journal.cc
@@ -286,6 +286,11 @@ Journal::find_replay_segments_fut Journal::find_replay_segments()
 Journal::read_record_metadata_ret Journal::read_record_metadata(
 paddr_t start)
 {
+ if (start.offset + block_size > (int64_t)segment_manager.get_segment_size()) {
+ return read_record_metadata_ret(
+ read_record_metadata_ertr::ready_future_marker{},
+ std::nullopt);
+ }
 return segment_manager.read(start, block_size
 ).safe_then(
 [this, start](bufferptr bptr) mutable
@@ -303,6 +308,10 @@ Journal::read_record_metadata_ret Journal::read_record_metadata(
 std::nullopt);
 }
 if (header.mdlength > block_size) {
+ if (start.offset + header.mdlength >
+ (int64_t)segment_manager.get_segment_size()) {
+ return crimson::ct_error::input_output_error::make();
+ }
 return segment_manager.read(
 {start.segment, start.offset + (segment_off_t)block_size},
 header.mdlength - block_size).safe_then(
--
2.39.5
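Review bot: The sum `start.offset + block_size` is evaluated in the operands' own types, and only the segment size on the right is cast to int64_t; the same pattern recurs in the second hunk with `start.offset + header.mdlength`, where mdlength appears to be decoded from the block just read from the segment. The declarations are not in this diff, but if those types are 32 bits wide a large mdlength can wrap the sum and pass the check, so the read that follows would run past the segment. Widening each operand before the addition removes the dependency on the declared widths: `if ((int64_t)start.offset + (int64_t)block_size > (int64_t)segment_manager.get_segment_size()) {` here, and `(int64_t)start.offset + (int64_t)header.mdlength` in the later comparison. read_record_metadata continues past the end of this hunk.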
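Review bot: An overrun detected in the second hunk returns `input_output_error`, while the first-block check at the top of the function returns `std::nullopt`, and nothing in the code says why the two cases differ. A short comment above the new `if` would help, for example `// mdlength is taken from the on-disk header: a record claiming to extend past the segment end is corruption, not end of journal`. If that reading is wrong and a torn final write can produce such a header, the caller presumably wants nullopt here too; the header validation just above this hunk is not visible, so this needs confirming against it. The enclosing lambda starts and ends outside the hunk.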