path: root/cmds-check.c
diff options
authorLu Fengqi <>2017-05-02 15:36:09 +0800
committerDavid Sterba <>2017-05-02 16:29:38 +0200
commit528ba342acfcce93457708ee5bdec98dee52645a (patch)
tree507344a62723606e2398099a83731494227b8ad8 /cmds-check.c
parentf80b1f1db66216aeca06be03d0269b2e2946974b (diff)
btrfs-progs: tests: Fix fuzz-test for bko-161821.raw.txt
Fuzzed image bko-161821.raw causes btrfs check to get segmentation fault. The function check_owner_ref attempts to access a non-exist quota tree when dealing with extent_item [4198400 4096] in the corrupted filesystem. The function btrfs_new_fs_info always allocates memory for fs_info->quota_root regardless of whether quota_tree exists or not. Additionally, the function btrfs_read_fs_root will directly return fs_info->quota_root if location->objectid == BTRFS_QUOTA_TREE_OBJECTID. This patch does the following things: 1. Do extra check and return ENOENT if quota tree does not exist in the function btrfs_read_fs_root. 2. Free useless fs_info->quota_root in the function btrfs_setup_all_roots to reduce confusion. 3. free_extent_buffer even if check_child_node failed in the function walk_down_tree. Signed-off-by: Lu Fengqi <> Signed-off-by: David Sterba <>
Diffstat (limited to 'cmds-check.c')
1 files changed, 1 insertions, 0 deletions
diff --git a/cmds-check.c b/cmds-check.c
index 897b1587..ec56bbab 100644
--- a/cmds-check.c
+++ b/cmds-check.c
@@ -2185,6 +2185,7 @@ static int walk_down_tree(struct btrfs_root *root, struct btrfs_path *path,
ret = check_child_node(cur, path->slots[*level], next);
if (ret) {
+ free_extent_buffer(next);
err = ret;
goto out;