path: root/cmds-subvolume.c
diff options
authorEryu Guan <>2013-10-12 23:47:52 +0800
committerChris Mason <>2013-10-16 08:23:13 -0400
commita7131ad1241470829fd5b836ce6cb6c74cdbef45 (patch)
treedd0c0288bc5e19f2539cee0592b058e2bbf2f910 /cmds-subvolume.c
parent3fed284f931a60d58d7896c6e1d9d2d0b22da6c1 (diff)
Btrfs-progs: check return value of realpath(3)
I hit a segfault when deleting a subvolume with very long name(>4096), it's because cmd_subvol_delete() calls strdup() and passes NULL as argument, which is returned by realpath(3). I used the following script to reproduce #!/bin/bash mnt=$1 i=1 path=$mnt/subvol_$i # Create very deep subvolumes while btrfs sub create $path;do ((i++)) path="$path/subvol_$i" done last_vol=$(dirname $path) dir=$(dirname $last_vol) vol=$(basename $last_vol) # Try to delete tha last one, this would get segfault pushd $dir btrfs sub delete $vol popd Fix it by checking return value of realpath(3), also fix the one in find_mount_root(). Signed-off-by: Eryu Guan <> Signed-off-by: David Sterba <> Signed-off-by: Chris Mason <>
Diffstat (limited to 'cmds-subvolume.c')
1 files changed, 6 insertions, 0 deletions
diff --git a/cmds-subvolume.c b/cmds-subvolume.c
index 8832303c..63c708ef 100644
--- a/cmds-subvolume.c
+++ b/cmds-subvolume.c
@@ -236,6 +236,12 @@ again:
cpath = realpath(path, NULL);
+ if (!cpath) {
+ ret = errno;
+ fprintf(stderr, "ERROR: finding real path for '%s': %s\n",
+ path, strerror(errno));
+ goto out;
+ }
dupdname = strdup(cpath);
dname = dirname(dupdname);
dupvname = strdup(cpath);