diff options
| author | Zhang Yu <zhangyu-fnst@cn.fujitsu.com> | 2017-08-24 18:38:41 +0800 |
|---|---|---|
| committer | David Sterba <dsterba@suse.com> | 2017-09-08 16:15:05 +0200 |
| commit | e96921bcaa059f1c7a5a7b3e3c3b02bb6a008f51 (patch) | |
| tree | fb20519f70e10af1cc8a7478e5f96eddd38eb8d6 /print-tree.c | |
| parent | cb39164f9d87e6309e315929a3b6a6791c5ee8f6 (diff) | |
Btrfs-progs: print-tree: check num_stripes in print_chunk
[TEST/fuzz] case: 004-simple-dump-tree
Since the wrong key(DATA_RELOC_TREE CHUNK_ITEM 0) in root tree,
error calling print_chunk(), resulting in num_stripes == 0.
ERROR:
[TEST/fuzz] 004-simple-dump-tree
ctree.h:317: btrfs_chunk_item_size: BUG_ON `num_stripes == 0`
triggered, value 1
failed (ignored, ret=134): /myproject/btrfs-progs/btrfs
inspect-internal dump-tree
/myproject/btrfs-progs/tests/fuzz-tests/images/
bko-155201-wrong-chunk-item-in-root-tree.raw.restored
test failed for case 004-simple-dump-tree
Makefile:288: recipe for target 'test-fuzz' failed
make: *** [test-fuzz] Error 1
So, check on num_stripes in print_chunk
Signed-off-by: Zhang Yu <zhangyu-fnst@cn.fujitsu.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'print-tree.c')
| -rw-r--r-- | print-tree.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/print-tree.c b/print-tree.c index c752ba25..6e6b69b8 100644 --- a/print-tree.c +++ b/print-tree.c @@ -198,9 +198,17 @@ void print_chunk_item(struct extent_buffer *eb, struct btrfs_chunk *chunk) { u16 num_stripes = btrfs_chunk_num_stripes(eb, chunk); int i; - u32 chunk_item_size = btrfs_chunk_item_size(num_stripes); + u32 chunk_item_size; char chunk_flags_str[32] = {0}; + /* The chunk must contain at least one stripe */ + if (num_stripes < 1) { + printf("invalid num_stripes: %u\n", num_stripes); + return; + } + + chunk_item_size = btrfs_chunk_item_size(num_stripes); + if ((unsigned long)chunk + chunk_item_size > eb->len) { printf("\t\tchunk item invalid\n"); return; |