authorDavid Sterba <dsterba@suse.com>2016-10-03 14:52:30 +0200
committerDavid Sterba <dsterba@suse.com>2016-10-03 15:07:24 +0200
commit3956c16d0b1ba2e35b32530de80f68f29c8a8ae8 (patch)
tree6853810cc91f449f5e6b6f53d6bfbd2aec89b877 /btrfs-image.c
parent35d0588b641b227f6560f8c7240e0b2c43afae14 (diff)
btrfs-progs: image: catch zero length extents, avoid endless loop
If an extent is found to have length 0, we'd loop endlessly in copy_from_extent_tree. Reproduced by fuzzed image bko-166361-blocksize-zero.raw within test 002-simple-image . Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'btrfs-image.c')
-rw-r--r--btrfs-image.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/btrfs-image.c b/btrfs-image.c
index 6bb8d470..bbe4f638 100644
--- a/btrfs-image.c
+++ b/btrfs-image.c
@@ -1264,10 +1264,18 @@ static int copy_from_extent_tree(struct metadump_struct *metadump,
}
bytenr = key.objectid;
- if (key.type == BTRFS_METADATA_ITEM_KEY)
+ if (key.type == BTRFS_METADATA_ITEM_KEY) {
num_bytes = extent_root->nodesize;
- else
+ } else {
num_bytes = key.offset;
+ }
+
+ if (num_bytes == 0) {
+ error("extent length 0 at bytenr %llu key type %d",
+ (unsigned long long)bytenr, key.type);
+ ret = -EIO;
+ break;
+ }
if (btrfs_item_size_nr(leaf, path->slots[0]) > sizeof(*ei)) {
ei = btrfs_item_ptr(leaf, path->slots[0],