Btrfs-progs: check return value of read_tree_block() in check_chunks_and_extents()
The following steps could trigger btrfs segfault: mkfs -t btrfs -m raid5 -d raid5 /dev/loop{0..3} losetup -d /dev/loop2 btrfs check /dev/loop0 The reason is that read_tree_block() returns NULL and add_root_to_pending() dereferences it without checking it first. Also replace a BUG_ON with proper error checking. Signed-off-by: Eryu Guan <guaneryu@gmail.com> Signed-off-by: David Sterba <dsterba@suse.cz> Signed-off-by: Chris Mason <clm@fb.com>
This commit is contained in:
parent
257a71cb24
commit
b2e99e1819
|
@ -5759,6 +5759,10 @@ again:
|
|||
btrfs_level_size(root,
|
||||
btrfs_root_level(&ri)),
|
||||
0);
|
||||
if (!buf) {
|
||||
ret = -EIO;
|
||||
goto out;
|
||||
}
|
||||
add_root_to_pending(buf, &extent_cache,
|
||||
&pending, &seen, &nodes,
|
||||
&found_key);
|
||||
|
@ -5803,6 +5807,10 @@ again:
|
|||
btrfs_root_bytenr(&rec->ri),
|
||||
btrfs_level_size(root,
|
||||
btrfs_root_level(&rec->ri)), 0);
|
||||
if (!buf) {
|
||||
ret = -EIO;
|
||||
goto out;
|
||||
}
|
||||
add_root_to_pending(buf, &extent_cache, &pending,
|
||||
&seen, &nodes, &rec->found_key);
|
||||
while (1) {
|
||||
|
|
|
@ -644,7 +644,10 @@ out:
|
|||
blocksize = btrfs_level_size(root, btrfs_root_level(&root->root_item));
|
||||
root->node = read_tree_block(root, btrfs_root_bytenr(&root->root_item),
|
||||
blocksize, generation);
|
||||
BUG_ON(!root->node);
|
||||
if (!root->node) {
|
||||
free(root);
|
||||
return ERR_PTR(-EIO);
|
||||
}
|
||||
insert:
|
||||
root->ref_cows = 1;
|
||||
return root;
|
||||
|
|
|
@ -435,7 +435,7 @@ int load_free_space_cache(struct btrfs_fs_info *fs_info,
|
|||
if (ret < 0) {
|
||||
ret = 0;
|
||||
|
||||
printf("failed to load free space cache for block group %llu",
|
||||
printf("failed to load free space cache for block group %llu\n",
|
||||
block_group->key.objectid);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue