Btrfs-progs: check return value of realpath(3)
I hit a segfault when deleting a subvolume with very long name(>4096), it's because cmd_subvol_delete() calls strdup() and passes NULL as argument, which is returned by realpath(3). I used the following script to reproduce #!/bin/bash mnt=$1 i=1 path=$mnt/subvol_$i # Create very deep subvolumes while btrfs sub create $path;do ((i++)) path="$path/subvol_$i" done last_vol=$(dirname $path) dir=$(dirname $last_vol) vol=$(basename $last_vol) # Try to delete tha last one, this would get segfault pushd $dir btrfs sub delete $vol popd Fix it by checking return value of realpath(3), also fix the one in find_mount_root(). Signed-off-by: Eryu Guan <guaneryu@gmail.com> Signed-off-by: David Sterba <dsterba@suse.cz> Signed-off-by: Chris Mason <chris.mason@fusionio.com>
This commit is contained in:
parent
3fed284f93
commit
a7131ad124
|
@ -63,6 +63,7 @@ int find_mount_root(const char *path, char **mount_root)
|
|||
int fd;
|
||||
struct mntent *ent;
|
||||
int len;
|
||||
int ret;
|
||||
int longest_matchlen = 0;
|
||||
char *longest_match = NULL;
|
||||
|
||||
|
@ -95,10 +96,13 @@ int find_mount_root(const char *path, char **mount_root)
|
|||
return -ENOENT;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
*mount_root = realpath(longest_match, NULL);
|
||||
free(longest_match);
|
||||
if (!mount_root)
|
||||
ret = -errno;
|
||||
|
||||
return 0;
|
||||
free(longest_match);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int get_root_id(struct btrfs_send *s, const char *path, u64 *root_id)
|
||||
|
|
|
@ -236,6 +236,12 @@ again:
|
|||
}
|
||||
|
||||
cpath = realpath(path, NULL);
|
||||
if (!cpath) {
|
||||
ret = errno;
|
||||
fprintf(stderr, "ERROR: finding real path for '%s': %s\n",
|
||||
path, strerror(errno));
|
||||
goto out;
|
||||
}
|
||||
dupdname = strdup(cpath);
|
||||
dname = dirname(dupdname);
|
||||
dupvname = strdup(cpath);
|
||||
|
|
Loading…
Reference in a new issue