diff options
| author | Eryu Guan <guaneryu@gmail.com> | 2014-01-10 22:50:02 +0800 |
|---|---|---|
| committer | Chris Mason <clm@fb.com> | 2014-01-31 08:22:25 -0800 |
| commit | b2e99e1819d967828edf149db5a203e59a40e379 (patch) | |
| tree | ce30a1c71f736e438a9eaa8ec2cf133cd0850080 | |
| parent | 257a71cb24b04d5a7477b0618665ceb1e1cc149b (diff) | |
| download | btrfs-progs-b2e99e1819d967828edf149db5a203e59a40e379.tar.gz | |
Btrfs-progs: check return value of read_tree_block() in check_chunks_and_extents()
The following steps could trigger btrfs segfault:
mkfs -t btrfs -m raid5 -d raid5 /dev/loop{0..3}
losetup -d /dev/loop2
btrfs check /dev/loop0
The reason is that read_tree_block() returns NULL and
add_root_to_pending() dereferences it without checking it first.
Also replace a BUG_ON with proper error checking.
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Chris Mason <clm@fb.com>
| -rw-r--r-- | cmds-check.c | 8 | ||||
| -rw-r--r-- | disk-io.c | 5 | ||||
| -rw-r--r-- | free-space-cache.c | 2 |
3 files changed, 13 insertions, 2 deletions
diff --git a/cmds-check.c b/cmds-check.c index 1569d6f..b518a6b 100644 --- a/cmds-check.c +++ b/cmds-check.c @@ -5759,6 +5759,10 @@ again: btrfs_level_size(root, btrfs_root_level(&ri)), 0); + if (!buf) { + ret = -EIO; + goto out; + } add_root_to_pending(buf, &extent_cache, &pending, &seen, &nodes, &found_key); @@ -5803,6 +5807,10 @@ again: btrfs_root_bytenr(&rec->ri), btrfs_level_size(root, btrfs_root_level(&rec->ri)), 0); + if (!buf) { + ret = -EIO; + goto out; + } add_root_to_pending(buf, &extent_cache, &pending, &seen, &nodes, &rec->found_key); while (1) { @@ -644,7 +644,10 @@ out: blocksize = btrfs_level_size(root, btrfs_root_level(&root->root_item)); root->node = read_tree_block(root, btrfs_root_bytenr(&root->root_item), blocksize, generation); - BUG_ON(!root->node); + if (!root->node) { + free(root); + return ERR_PTR(-EIO); + } insert: root->ref_cows = 1; return root; diff --git a/free-space-cache.c b/free-space-cache.c index 1ca7980..55d7318 100644 --- a/free-space-cache.c +++ b/free-space-cache.c @@ -435,7 +435,7 @@ int load_free_space_cache(struct btrfs_fs_info *fs_info, if (ret < 0) { ret = 0; - printf("failed to load free space cache for block group %llu", + printf("failed to load free space cache for block group %llu\n", block_group->key.objectid); } |