btrfs-progs: print-tree: do sanity checks for dir items
There is a bug report that with UBSAN enabled, fuzz/006 test case crashes. It turns out that the image bko-154021-invalid-drop-level.raw has invalid dir items, that the name/data len is beyond the item. And if we try to read beyond the eb boundary, UBSAN got triggered. Normally in kernel tree-checker would reject such metadata in the first place, but in btrfs-progs we can not be that strict or we cannot do a lot of repair. So here just enhance print_dir_item() to do extra sanity checks for data/name len before reading the contents. Issue: #805 Signed-off-by: Qu Wenruo <wqu@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
This commit is contained in:
parent
fd5a80e5bf
commit
cef75dde63
|
@ -78,6 +78,11 @@ static void print_dir_item(struct extent_buffer *eb, u32 size,
|
|||
printf("\n");
|
||||
name_len = btrfs_dir_name_len(eb, di);
|
||||
data_len = btrfs_dir_data_len(eb, di);
|
||||
if (data_len + name_len + cur > size) {
|
||||
error("invalid length, cur=%u name_len=%u data_len=%u size=%u",
|
||||
cur, name_len, data_len, size);
|
||||
break;
|
||||
}
|
||||
len = (name_len <= sizeof(namebuf))? name_len: sizeof(namebuf);
|
||||
printf("\t\ttransid %llu data_len %u name_len %u\n",
|
||||
btrfs_dir_transid(eb, di),
|
||||
|
|
Loading…
Reference in a new issue